Date: Tue, 24 Mar 2015 07:15:59 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org, weasel@...ian.org
Subject: Re: CVE request: Two vulnerabilities in Tor

Hi all,

On Mon, Mar 23, 2015 at 07:13:27PM +0100, Moritz Muehlenhoff wrote:
> Hi,
> please assign two CVE IDs for tor:
>
> The upstream announcement is here:
> https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
>
> 1.
> | Fix a remote denial-of-service opportunity caused by a bug in
> | OSX's _strlcat_chk() function. Fixes bug 15205; bug first
> | appeared in OSX 10.9.
>
> https://trac.torproject.org/projects/tor/ticket/15205
>
> 2.
> | A relay could crash with an assertion error if a buffer of
> | exactly the wrong layout was passed to buf_pullup() at exactly the
> | wrong time.
>
> https://trac.torproject.org/projects/tor/ticket/15083
>
> The second issue has been addressed in DSA 3203:
> https://lists.debian.org/debian-security-announce/2015/msg00088.html
> (the first obviously not, since it's MacOS-specific)

There is another one which was fixed in the same versions, and could
potentially get a CVE:

https://trac.torproject.org/projects/tor/ticket/14129

Regards,
Salvatore