Hi Robert,

Thanks for the unstable fix.

On Sun, May 15, 2016 at 11:06:07AM +0200, Robert Luberda wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Yuriy M. Kaminskiy writes:
> >> Can you check it actually affects [...]
> >
> > According to http://www.talosintel.com/reports/* (as linked from
> > tracker), CVE-2016-2334 affects HFS+ parser and CVE-2016-2335 UDF
> > parser.
>
> I've found patches at [1]. Patch for CVE-2016-2335 applies clearly on
> both 9.20 and 15.14. However the patch for CVE-2016-2334 can be
> applied to 15.14 only. According to [2] "HFS support was improved" in
> version 9.32 beta, so 9.20 might not be vulnerable to this issue.
>
> Dear Talos Team,
> Could you please confirm whether 9.20 is or is not vulnerable to
> CVE-2016-2334?

I think it is because the TALOS report says that 9.20 was tested as well and found to be vulnerable. But an explicit confirmation would be great.

Regards,
Salvatore