Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Feb 2014 00:56:42 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: hexchat buffer overflow

Can I get 2013 CVE for buffer overflow issue in hexchat, thanks.

Bug report: https://github.com/hexchat/hexchat/issues/463
Fixed in commit: https://github.com/hexchat/hexchat/commit/8996baa35ee12556a7bf402e3568193dbafec5f1
Exploit: http://packetstorm.igor.onlinedirect.bg/1304-exploits/hexchat-overflow.txt
More information: http://osvdb.org/92115

hexchat was recently accepted to Debian unstable:
http://packages.qa.debian.org/h/hexchat.html

I haven't verified this vulnerability or exploit.

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ