Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2012 23:45:27 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Xml-Light has been moved to google code SVN here :
http://ocamllibs.googlecode.com/svn/trunk/xml-light/

I've applied a fix in r234 by using String Map instead of Hashtbl for
DTD proof.

Best,
Nicolas

Please use CVE-2012-3514 for this issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQMyB2AAoJEBYNRVNeJnmT2LsP/R61a+0G7wbAr3wJ6UUrZnZQ
uxjWASbL1gPUQ0S/Oglo3VPBddgT63DiEHEZ43pjZAwe7kmfvPFCFNbWlGn7sfVT
M06U44AXArfmyBmutCJJl9iqPTIWN7lgC9QvrjMEcXc+rLod3gNodMiKVRSXhSkm
Kva9SOwI/iyVAhjSYlMGf/FVwhyOJb4eB3IqXGGaTheoVEoJyxrMoqOhI2+o8jnC
6r4paBkNs5N7MnjmoSnGWtra1Ndm6ZFG/d015LUcE4poU8D2nPkfQx8LaVMR7xPk
ZEaJNClAseZ0bcKRugxZ5ROlbkA1wW/2sGADV8MsdaQiC01dp1TgtqmlA4WFX1rr
wBUY5Y5ZzoEpmWHPAG7SsY1gN+rNiOQtAjXwxxX8N3YpclRE5N7a88YfoqfEPjAa
SkkePgXTHznIl+CQG5w4W+mtXd2Ui/HLnkdyLRUpq7/O/DVCgT3YJE/KUeyYGLuK
lHJ4NoJX2WV4BurhmfV0mMhyRJii0L/c7KzSwD+vR2A2D7fBOZMfGnDzL8lCTI9K
mTn0doedKWGVt+YjE+agOsKkOALGpHVlUmJQQnRDofEJ/gq4Mvi1/d9C0OWxYokY
qF7tp982t+fNVxJMGsums8sVhWrdnaSZAhjwiHuLMTPUP+O+UOIYCcW29wGwJrU1
hwhBkaWtQuw/j9nY7OM8
=CEnw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ