Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Oct 2009 22:11:32 +0000
From: Tim Brown <tmb@...35.com>
To: oss-security@...ts.openwall.com
Subject: Re:  CVE request - asterisk, python-markdown, jetty, kde

On Thursday 29 October 2009 20:10:27 Tomas Hoger wrote:
> On Thu, 29 Oct 2009 09:42:36 -0600 Raphael Geissert
>
> <geissert@...ian.org> wrote:
> > = kde =
> > Multiple missing input sanity checks in KDE
> > Reference:
> > http://www.ocert.org/advisories/ocert-2009-015.html
>
> Btw, do you have any suggestion on how many CVEs should be allocated
> here and what are the individual flaws?  I failed to build satisfying
> list form the info in the advisory.  Have you managed to tell which
> patch is supposed to address which vulnerability?

I've responded to Tomas off list regarding these issues since our advisories 
have not yet been made available.  We have 4 advisories to cover the 
individual flaws.  If anyone else wants further details in the meantime, feel 
free to get in touch off list but I'll likely only respond to people I can 
validate (i.e. package maintainers for the distros etc).

Tim
-- 
Tim Brown
<mailto:tmb@...35.com>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ