Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 27 Sep 2014 17:01:23 +0100
From: Colin Watson <cjwatson@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Darren Hiebert <dhiebert@...rs.sourceforge.net>
Subject: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript
 file

Hi,

https://bugs.debian.org/742605 was reported some time ago against the
Debian package of Exuberant Ctags (http://ctags.sourceforge.net/); it's
a CPU/disk denial of service that results from attempting to run ctags
over large volumes of public source code.

Upstream fix, determined by bisection:
  http://sourceforge.net/p/ctags/code/791/

As far as I know this was not identified as a security problem upstream,
just fixed as a normal bug in the course of development.  The
sources.debian.net use case turns it into a DoS though.  CCing the
upstream author for his information.

Not affected: 5.6
Affected: 5.8 (the latest release)

Since we'd like to issue patches for this bug as security updates,
please could I have a CVE identifier for this?

Thanks,

-- 
Colin Watson                                       [cjwatson@...ian.org]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ