Date: Fri, 1 Oct 2010 15:41:29 -0600
From: Vincent Danen <>
To: Gerald Combs <>
Subject: Re: CVE requests: Poppler, Quassel, Pyfribidi,
 Overkill, DocUtils, FireGPG, Wireshark

* [2010-10-01 13:33:47 -0700] Gerald Combs wrote:

>Vincent Danen wrote:
>> * [2010-09-29 15:06:31 -0400] Josh Bressers wrote:
>>>> 7. Wireshark BER dissector
>>> This one looks like a stack overflow, the advisory isn't very clear, but
>>> claims there are two possible outcomes. We can always split later if
>>> needed.
>>> CVE-2010-3445
>> Gerald, are you aware of this issue?  Do you have further details
>> regarding it?  I poked around in bugzilla a bit but couldn't find
>> anything.
>> It claims 1.4.0, but is not clear as to whether or not older versions
>> are affected.
>It's been fixed in the trunk (r34111) and is scheduled for inclusion in
>1.4.1 and 1.2.12. We're tracking it in bug 5230:
>The bug affects all BER dissectors and not just SNMP.

Great.  Thank you for the information, Gerald.  That is very helpful.

Vincent Danen / Red Hat Security Response Team 
