Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed,  3 Sep 2014 23:52:29 -0400 (EDT)
From: cve-assign@...re.org
To: taviso@...gle.com, kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: heap overflow in procmail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> I noticed a heap overflow in procmail when parsing addresses with
>> unbalanced quotes.

>> formisc.c

>> $ formail -s < mbox > /dev/null
>> *** Error in `formail': free(): invalid next size

> CVE-2014-3618 for this issue

The CVE team at MITRE agrees that CVE-2014-3618 can continue to
be used for this formail issue.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUB+GEAAoJEKllVAevmvmsIo4IAMFI3Ya78DjKWrGZatHQL8jj
fb0GdS5r9dKpuhU3Pyoj30YzEwJwCOF1mkIY9iCb/KPpVMdyDcxKWIf7bKe9kibe
n+OfziWTn//W04yjCH02kEPRsyKQs46oQH1YUnV4Z32OKedGeeDhZPdQ5fj8VO0E
m4OA657P45VhhiWPYY3xmVdGj8l7nnsl2ABTZRp6Ya7i9AC0SGIYA1au1exMkIHl
daEwcLVGaU+BONAoZ6MUIhF6F07O3IxYJ0v6/079uTT9Bs3Ct3fjucpi45GMo90n
hNewEWTGVjkn4rzTTWvyAiwdeFYyzii5CGseWQnDiP3qGWNdXQwGLLy8yFIF9/c=
=1LSS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ