Date: Mon, 30 Jun 2014 07:43:51 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: Confusion on CVE-2014-0235 Hi I noticed that CVE-2014-0235 apparently was used twice: CVE-2014-0235 file: extensive backtracking in awk rule regular expression (incomplete fix for CVE-2013-7345): * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0235 But then also for Microsoft Internet Explorer 9: "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.". * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235 Would be appreciated if you can clarify which is correct and how to reference the file issue. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ