Openwall GNU/*/Linux 3.0 - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 5 Aug 2009 13:53:50 +0200
From: Thomas Biege <thomas@...e.de>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: Re: CVE request: XEmacs Multiple Integer Overflows

Hello,
was a CVE-ID allocated for this issue in the meanwhile?

On Thu, Jul 16, 2009 at 09:25:41AM +0200, Alex Legler wrote:
> Hi,
> 
> I don't think we have a CVE for this/these issue(s) yet, so please
> assign one/some:
> 
> The {tiff,png,jpeg}_instantiate() functions in glyphs-eimage.c contain
> an integer overflow, possibly leading to a heap-based buffer overflow.
> 
> References:
> Filed upstream as: http://tracker.xemacs.org/XEmacs/its/issue534
> 
> http://secunia.com/advisories/35348
> http://www.vupen.com/english/advisories/2009/1666
> https://bugs.gentoo.org/show_bug.cgi?id=275397
> https://bugzilla.redhat.com/show_bug.cgi?id=511994
> 
> Thanks,
> Alex



-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ