Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Jun 2014 07:43:51 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: Confusion on CVE-2014-0235

Hi

I noticed that CVE-2014-0235 apparently was used twice:

CVE-2014-0235 file: extensive backtracking in awk rule regular
expression (incomplete fix for CVE-2013-7345):

 * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0235

But then also for Microsoft Internet Explorer 9: "Microsoft Internet
Explorer 9 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a crafted web site, aka
"Internet Explorer Memory Corruption Vulnerability," a different
vulnerability than CVE-2014-1751 and CVE-2014-1755.".

 * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235

Would be appreciated if you can clarify which is correct and how to
reference the file issue.

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ