Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Apr 2015 23:22:20 -0400 (EDT)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, xorg_security@...rg
Subject: Re: CVE request: X server crash by client

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> We got notified that the fix for CVE-2014-8092 introduced the possibility
> of a division by 0 when the "height" for the PutImage call is 0, leading
> to X server abort.
> 
> This was already fixed in January in X git.
> http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
> 
> As this is a local denial of service, but might be triggerable by images with 0 height
> supplied externally, it might need a CVE.

Use CVE-2015-3418.

> https://bugzilla.novell.com/show_bug.cgi?id=928520

This currently doesn't seem to be a public bug - we don't know whether
that's intentional.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVOwe3AAoJEKllVAevmvms170IALWrHYmuCpdiUYi5wSfexpd2
3YhS+UQTpZnhxYbZSF3kfM++MVXE5SuOen+5sfXNum2Y1ekbLTRbGEj7ausfzVI9
JouLh7UV7L3Eu/1JCyFBua3RLPyiPAJI0+XakQa4byK1FJn4ltsdntH+fwoVyk5t
uILMXDj6EA5n4gSokRJRm01gDvmeTw55HtQe57DZSRt48zCwv+BgIm8+JhpFsTFU
LmH4DtbAUyYWi1eWYDrLE7HBkE6hXtX2flPoxRHi48Ery+nNwX63pL2Qt077bgd8
W329vXc8fSkDpHzd5d6SlSQ5oaA9aSwVdWVPoqV397+wyTCpH1fZT/YdaN4XiZs=
=+GPK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.