Hacker News new | ask | show | jobs
by lengocthuong15 2970 days ago
Hi all, In 18.01 Igor had fixed CVE-2018-5996 with adding some variable like _errorMode or m_TablesOK. And in 18.05 I don't see this variables. Igor was replace it by _solidAllowed to fix CVE-2018-10115. Does it fix for both CVE-2018-5996 and CVE-2018-10115? Thank you
1 comments
landave 2970 days ago
I think this is correct. Since _solidAllowed is set to false at the beginning of Code(), it will remain false if an exception occurs in the middle of decoding (CVE-2018-5996). This will enforce PpmError being set to true for the next item, which in turn will enforce the (possibly broken) PPMD state to be reinitialized. In some sense, this means that the new bug fix is a generalization of the first one, fixing both CVE-2018-5996 and CVE-2018-10115.
link
lengocthuong15 2965 days ago
Thank you!
link