Date: Sat, 25 Apr 2015 16:40:10 +0200 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org, xorg_security@...rg Subject: Re: Re: CVE request: X server crash by client On Fri, Apr 24, 2015 at 11:22:20PM -0400, cve-assign@...re.org wrote: > > We got notified that the fix for CVE-2014-8092 introduced the possibility > > of a division by 0 when the "height" for the PutImage call is 0, leading > > to X server abort. > > > > This was already fixed in January in X git. > > http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b > > > > As this is a local denial of service, but might be triggerable by images with 0 height > > supplied externally, it might need a CVE. > > Use CVE-2015-3418. thanks! > > https://bugzilla.novell.com/show_bug.cgi?id=928520 > > This currently doesn't seem to be a public bug - we don't know whether > that's intentional. opened it... was not open as it was under another product before. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ