Date: Wed, 04 Mar 2015 11:55:06 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: Invalid pointer dereference in the GNOME librest library The OAuth implementation in librest, a helper library for RESTful services part of the GNOME project, incorrectly truncates the pointer returned by the rest_proxy_call_get_url function call, leading to an application crash, or worse. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644 Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1183982 The security impact was noted in 2015, although the bug was fixed in 2014. -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ