Date: Fri, 23 Jan 2015 09:36:01 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: two issues in vorbis-tools

On Thu, 22 Jan 2015 11:50:16 -0500 (EST)
cve-assign@...re.org wrote:

> 
> On Wed, 21 Jan 2015, Hanno Böck wrote:
> 
> > On Wed, 21 Jan 2015 13:50:46 +0100
> > Martin Prpic <mprpic@...hat.com> wrote:
> >
> >> Two issues were reported in vorbis-tools on Full Disclosure:
> >>
> >> http://seclists.org/fulldisclosure/2015/Jan/78
> 
> CVE-2014-9638 - https://trac.xiph.org/ticket/2137 (division by zero)
> 
> CVE-2014-9639 - https://trac.xiph.org/ticket/2136 (integer overflow)

These two also affect opusenc.
I don't know if this deserves more CVEs, because these issues are
likely minor, but wanted to note it for completeness. It is a
different software package. I'll add comments to the corresponding bug
reports.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
