Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Jun 2014 07:43:51 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: CVE Assignments MITRE <>
Subject: Confusion on CVE-2014-0235


I noticed that CVE-2014-0235 apparently was used twice:

CVE-2014-0235 file: extensive backtracking in awk rule regular
expression (incomplete fix for CVE-2013-7345):


But then also for Microsoft Internet Explorer 9: "Microsoft Internet
Explorer 9 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a crafted web site, aka
"Internet Explorer Memory Corruption Vulnerability," a different
vulnerability than CVE-2014-1751 and CVE-2014-1755.".


Would be appreciated if you can clarify which is correct and how to
reference the file issue.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ