Date: Tue, 6 Jan 2015 10:39:33 +0100
From: Vasyl Kaigorodov <vkaigoro@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: dir traversal in elfutils

Hello everyone,

> >Initial (terse) report:
> >https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004499.html
> >
> >Fix (with analysis in commit message):
> >https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
>
> Use CVE-2014-9486.

Something is not quite correct here; wasn't CVE-2014-9447 assigned to
this already?

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447

Thanks.
-- 
Vasyl Kaigorodov | Red Hat Product Security
PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

On Sat, 03 Jan 2015, cve-assign@...re.org wrote:

> 
> On Mon, 29 Dec 2014, Alexander Cherepanov wrote:
> 
> >Hi!
> >
> >A dir traversal vuln is fixed in elfutils:
> >
> >Initial (terse) report:
> >https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004499.html
> >
> >Fix (with analysis in commit message):
> >https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
> >
> >At least versions 0.152 and 0.161 are affected.
> >
> >Could a CVE please be assigned?
> >
> 
> Use CVE-2014-9486.
> 
> ---
> 
> CVE assignment team, MITRE CVE Numbering Authority M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
