Date: Fri, 23 Jan 2015 11:53:22 +0200
From: Paris Z <paris8105@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: two issues in vorbis-tools

Hi,

Original poster of the reports here. My original concern was also that
these were minor issues, so I didn't request CVEs. I posted in FD list
because a month has passed and I still haven't received any answers in the
vorbis-tools bug tracker.

2015-01-23 10:36 GMT+02:00 Hanno Böck <hanno@...eck.de>:

> On Thu, 22 Jan 2015 11:50:16 -0500 (EST)
> cve-assign@...re.org wrote:
>
> >
> > On Wed, 21 Jan 2015, Hanno Böck wrote:
> >
> > > On Wed, 21 Jan 2015 13:50:46 +0100
> > > Martin Prpic <mprpic@...hat.com> wrote:
> > >
> > >> Two issues were reported in vorbis-tools on Full Disclosure:
> > >>
> > >> http://seclists.org/fulldisclosure/2015/Jan/78
> >
> > CVE-2014-9638 - https://trac.xiph.org/ticket/2137 (division by zero)
> >
> > CVE-2014-9639 - https://trac.xiph.org/ticket/2136 (integer overflow)
>
> These two also affect opusenc.
> I don't know if this deserves more CVEs, because these issues are
> likely minor, but wanted to note it for completeness. It is a
> different software package. I'll add comments to the corresponding bug
> reports.
>
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42
>
