Date: Mon, 19 May 2014 02:56:30 -0400 (EDT)
From: cve-assign@...re.org
To: porridge@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libgadu vulnerability: possible memory corruption

> A crafted message from the file relay server may cause memory to
> be overwritten. The memory is not overwritten with data sent directly by the
> server, but security implications cannot be ruled out.
> 
> The bug is public:
> http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
> http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html

Use CVE-2014-3775 for the issue as described in the 001180.html
message. It is possible that the 001171.html and 001180.html messages
are referring to exactly the same issue: in that case, there will be
only one CVE ID in total. (The messages are somewhat different -- for
example, 001180.html doesn't directly mention that exploitability is
unproven -- but this may be a wording difference and not anything
inherent about the code in 1.11.x versus 1.12 prereleases.)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
