oss-security - CVE request -- firefox, vlc, WeeChat

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Tue, 17 Mar 2009 20:23:43 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: CVE request -- firefox, vlc, WeeChat

Hello Steve,

  1, the following DoS (crash) and null pointer dereference
     has been recently reported against firefox-3.0.7

     References:
     http://bugs.gentoo.org/show_bug.cgi?id=262704
     https://bugzilla.mozilla.org/show_bug.cgi?id=456727
     http://www.milw0rm.com/exploits/8219
     https://bugzilla.mozilla.org/show_bug.cgi?id=448329

  2, vlc 0.9.8a remote DoS (hang)
     
     References:
     http://bugs.gentoo.org/show_bug.cgi?id=262708
     http://milw0rm.com/exploits/8213

  3, WeeChat -- new upstream release 0.2.6.1 with one security
                fix included -- DoS (crash) when receiving special 
                characters in IRC messages

     References:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940
     http://weechat.flashtux.org/download.php
     https://savannah.nongnu.org/bugs/index.php?25862

Could you please allocate CVE identifiers for these issues?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.