Date: Wed, 01 Apr 2009 14:29:57 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE request -- bibtex, pam_ssh

Hello Steve,

could you allocate new CVE ids for the following two issues:

1, bibtex invalid reads/writes when parsing big *.bib file
   (valgrind reports suspicious behavior)

   References:
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920 (texlive-base-bin)
   https://bugzilla.redhat.com/show_bug.cgi?id=492136 (tetex, texlive)

   The problem is in bibtex, but it looks like it is shipped in various
   packages for various vendors.

2, pam_ssh Password prompt varies for existent and non-existent users

   References:
   http://bugs.gentoo.org/show_bug.cgi?id=263579
   https://bugzilla.redhat.com/show_bug.cgi?id=492153

   While this is not a problem of pam, pam_ssh is affected. I also admit
   this is a very low security issue (affecting special configurations),
   but in any case the password prompt should always be the same.
   Successfully reproduced.

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team