develooper Front page | perl.perl5.porters | Postings from February 2017

DAVEM TPF grant#2 report #162

Thread Next
From:
Dave Mitchell
Date:
February 15, 2017 16:36
Subject:
DAVEM TPF grant#2 report #162
Message ID:
20170215163559.GX8158@iabyn.com
I mostly spent last week continuing to work on tickets in the security
queue.

As I said last time:
> There's quite a lot of tickets in the security queue due to fuzzing, where
> if the fuzzer detects a use-after-free or buffer overrun for example, the
> reporter submits it to the security queue rather than the normal queue.
> Once examined, 95% of the time it will be found to be harmless or
> non-exploitable, but until someone has assessed and fixed it, it lingers
> as an open security ticket.

2017/02/06
     1:15 process p5p mailbox
     0:30 review security tickets
     3:57 RT #129861 heap-use-after-free S_mro_gather_and_rename

2017/02/07
     0:45 process p5p mailbox
     3:53 RT #130727 S_maybe_multideref: Assertion failed
     1:00 RT #129861 heap-use-after-free S_mro_gather_and_rename

2017/02/08
     0:07 process p5p mailbox
     2:42 RT #129861 heap-use-after-free S_mro_gather_and_rename

2017/02/10
     0:48 process p5p mailbox
     2:50 RT #129881 heap-buffer-overflow Perl_pad_sv

2017/02/11
     2:02 RT #129881 heap-buffer-overflow Perl_pad_sv



SUMMARY:
      7:39 RT #129861 heap-use-after-free S_mro_gather_and_rename
      4:52 RT #129881 heap-buffer-overflow Perl_pad_sv
      3:53 RT #130727 S_maybe_multideref: Assertion failed
      2:55 process p5p mailbox
      0:30 review security tickets
    ------
     19:49 TOTAL (HH::MM)

-- 
Never do today what you can put off till tomorrow.

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About