Revision 1 as of 2019-02-24 17:06:15
Size: 1123
Comment: move content from [[Bugs]] page since this seems to be a personal notes page
Revision 2 as of 2019-02-25 03:19:03
Size: 0
Comment: not a personal notes page but other folks seem to want it gone
Line 1: | Line 1: |
= Bugs = This page list common bugs, current checks, potential checks, solutions and links to potentially affected code in Debian. == External advice == * General: [[https://cwe.mitre.org/data/|CWE]] [[https://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/view/head:/audits/review.template|Ubuntu review template]] * Web applications: [[https://www.owasp.org/|OWASP]] == Issues == * memory use after free * Explanations: https://cwe.mitre.org/data/definitions/416.html * Affected: libc free() without NULL afterwards, C++ delete * Potentially affected: http://codesearch.debian.net/search?q=\bfree\%28[^\%29]*\%29 * Checks: [[https://code.google.com/p/address-sanitizer/|AddressSanitizer]] [[DebianPackage:valgrind|Valgrind]] * Solution: * array bounds checking issues * [[http://bonedaddy.net/pabs3/log/2014/02/17/pid-preservation-society/|shell metacharacter injection]] * unauthenticated code/data downloads * SQL injection * HTML template injection * YAML loading arbitrary code * XML recursive entity resolution * XML entity arbitrary file load |
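Review bot: Revision 2 empties the page (Size: 0) and its comment does not say where the content now lives. Revision 1's comment states that this text was moved here from [[Bugs]], so blanking it drops the whole issue list (use after free, the injection entries, the YAML and XML entity items) together with its CWE, AddressSanitizer and Valgrind links unless they are restored somewhere else. I would either put the text back on [[Bugs]] or leave a one-line pointer here to the page that now holds it, and name that page in the revision comment. If the text is kept anywhere, note that the "Solution:" entry under "memory use after free" is empty and the remaining issues have no Explanations or Checks entries.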