Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 30 Jun 2014 07:43:51 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: Confusion on CVE-2014-0235

Hi

I noticed that CVE-2014-0235 apparently was used twice:

CVE-2014-0235 file: extensive backtracking in awk rule regular
expression (incomplete fix for CVE-2013-7345):

 * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0235

But then also for Microsoft Internet Explorer 9: "Microsoft Internet
Explorer 9 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a crafted web site, aka
"Internet Explorer Memory Corruption Vulnerability," a different
vulnerability than CVE-2014-1751 and CVE-2014-1755.".

 * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235

Would be appreciated if you can clarify which is correct and how to
reference the file issue.

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.