Date: Mon, 28 May 2012 10:43:45 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>,
        Mitre CVE assign department <>
Subject: Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned
 to HAProxy issue

Hello Steve, vendors,

previously the CVE identifier of CVE-2012-2391 has been assigned to the following issue:

Today, when checking new CVE mail, I noticed CVE-2012-2942 as well:

Name: CVE-2012-2942
Status: Candidate
URL: [Open URL]
Assigned: 20120527
Reference: CONFIRM: [Open URL]
Reference: CONFIRM: [Open URL]
[Open URL]
Reference: BID:53647
Reference: URL: [Open URL]
Reference: SECUNIA:49261
Reference: URL: [Open URL]
Reference: XF:haproxy-trash-bo(75777)
Reference: URL: [Open URL]

Buffer overflow in the trash buffer in the header capture
functionality in HAProxy before 1.4.21, when global.tune.bufsize is
set to a value greater than the default and header rewriting is
enabled, allows remote attackers to cause a denial of service and
possibly execute arbitrary code via unspecified vectors.

Both of these are referring to the same issue.

Steve, CVE-assign, could you clarify which CVE id should be kept and
which one should be rejected as a duplicate?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
