Date: Mon, 16 Apr 2012 13:32:04 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>, jpff@...bath.ac.uk
Subject: Re: CVE Requests: Multiple security flaws in csound5

On 04/15/2012 11:28 PM, Huzaifa Sidhpurwala wrote:
> Hi Folks,
>
> Multiple security flaws were reported in csound5, details below.
> Can CVE ids please be assigned to these issues?
>
> 1. Integer overflow leading to buffer overflow in pv_import
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=810802
> http://secunia.com/secunia_research/2012-7/
> There seem to be two patches for this issue. The earlier fix was
> incomplete and a second patch had to be applied later.

Please use CVE-2012-2106 for this issue.

> 2. Integer overflow leading to buffer overflow in lpc_import
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=810807
> http://secunia.com/secunia_research/2012-6/
> Though the commit date does not match up with the date described in
> the Secunia advisory, this is the only commit which seems to match
> the flaw description.

Please use CVE-2012-2107 for this issue.

> 3. Stack-based buffer overflow in lpc_import
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=810810
> http://secunia.com/secunia_research/2012-4/

Please use CVE-2012-2108 for this issue.

> John, can you please review the patches and let us know if they
> are correct?
>
> Thanks!

-- 
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993