Date: Fri, 12 Oct 2012 08:16:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: libproxy PAC downloading buffer overflows

On 10/12/2012 08:02 AM, Matthias Weckbecker wrote:
> On Friday 12 October 2012 15:46:47 Kurt Seifried wrote:
>> On 10/12/2012 02:43 AM, Tomas Hoger wrote:
>>> Hi!
>>> 
>>> libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
>>> 
>>> http://code.google.com/p/libproxy/source/detail?r=853 
>>> https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
>>> 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
>>> 
>>> Upstream announcement also mentions another issue -
>>> CVE-2012-4505. It is related, but different problem that was
>>> found in pre-0.4 versions while investigating if they were
>>> affected by CVE-2012-4504.
>>> 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
>> 
>> Please use CVE-2012-4521 for this issue.
> 
> Wasn't this rather a CVE notification than a CVE request? At least
>  it looked like this to me. The announcement mentions two CVE.
> 
> Matthias
> 

Please REJECT CVE-2012-4521, sorry I literally just woke up and can't
read so good it seems. Mea culpa.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

