Date: Fri, 23 Jan 2015 09:36:01 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: two issues in vorbis-tools

On Thu, 22 Jan 2015 11:50:16 -0500 (EST)
cve-assign@...re.org wrote:

> > On Wed, 21 Jan 2015, Hanno Böck wrote:
>
> > On Wed, 21 Jan 2015 13:50:46 +0100
> > Martin Prpic <mprpic@...hat.com> wrote:
> >
> >> Two issues were reported in vorbis-tools on Full Disclosure:
> >>
> >> http://seclists.org/fulldisclosure/2015/Jan/78
>
> > CVE-2014-9638 - https://trac.xiph.org/ticket/2137 (division by zero)
> > CVE-2014-9639 - https://trac.xiph.org/ticket/2136 (integer overflow)

These two also affect opusenc. I don't know if this deserves more CVEs,
because these issues are likely minor, but wanted to note it for
completeness. It is a different software package.

I'll add comments to the corresponding bug reports.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42