Date: Fri, 12 Oct 2012 08:16:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: libproxy PAC downloading buffer overflows

On 10/12/2012 08:02 AM, Matthias Weckbecker wrote:
> On Friday 12 October 2012 15:46:47 Kurt Seifried wrote:
>> On 10/12/2012 02:43 AM, Tomas Hoger wrote:
>>> Hi!
>>> 
>>> libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
>>> 
>>> http://code.google.com/p/libproxy/source/detail?r=853 
>>> https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
>>> 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
>> 
>>> Upstream announcement also mentions another issue -
>>> CVE-2012-4505. It is a related, but different problem that was
>>> found in pre-0.4 versions while investigating if they were
>>> affected by CVE-2012-4504.
>>> 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
>> 
>> Please use CVE-2012-4521 for this issue.
> 
> Wasn't this rather a CVE notification than a CVE request? At least
> it looked like this to me. The announcement mentions two CVEs.
> 
> Matthias
> 

Please REJECT CVE-2012-4521, sorry I literally just woke up and can't
read so good it seems. Mea culpa.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

