Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Sep 2012 14:34:53 +0200
From: Nico Golde <>
Subject: CVE id request: tor

from the tor release notes[0]:
Changes in version - 2012-09-11
  Tor fixes two more opportunities for remotely triggerable 

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on
    - Do not crash when comparing an address with port value 0 to an
      address policy. This bug could have been used to cause a remote
      assertion failure by or against directory authorities, or to
      allow some applications to crash clients. Fixes bug 6690; bugfix

I have not seen CVE ids for these issues.
Can you assign ids for them?


Kind regards

Nico Golde - - - GPG: 0xA0A0AAAA

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ