Date: Thu, 11 Jun 2015 09:54:26 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Possible CVE Requests: libmspack: several issues

> null pointer dereference on a crafted CAB:
> - https://bugs.debian.org/774665

Use CVE-2014-9732.

> CHM decompression: division by zero
> - https://bugs.debian.org/774725

Use CVE-2015-4467.

> CHM decompression: pointer arithmetic overflow
> - https://bugs.debian.org/774726

Relative to the
http://anonscm.debian.org/cgit/collab-maint/libmspack.git/commit/?id=a25bb144795e526748b57884daf365732c7e2295
commit, use CVE-2015-4468 for the issues resolved by
fix-pointer-arithmetic-overflow.patch and use CVE-2015-4469 for the
issue resolved by fix-name-field-boundaries.patch. (Note that these
were originally combined within the diff included in the
https://bugs.debian.org/774726#3 message.) The
fix-name-field-boundaries.patch is about missing input validation and
can't have the same CVE ID as the two cases where the only change was
from a "p + name_len > end" test to a "name_len > end - p" test.

> off-by-one buffer over-read in mspack/mszipd.c
> - https://bugs.debian.org/775498

Use CVE-2015-4470.

> off-by-one buffer under-read in mspack/lzxd.c
> - https://bugs.debian.org/775499

Use CVE-2015-4471. The vendor notes that the later-problematic code
had been valid before 2006-08-31.

> CHM decompression: another pointer arithmetic overflow
> - https://bugs.debian.org/775687

Use CVE-2015-4472.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
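
The difference between the two tests quoted in the message above ("p + name_len > end" versus "name_len > end - p"), as an added example that is not part of the original message or of libmspack. Addresses are modelled as 32-bit integers (an assumption), and skip_name, sample_chunk and all values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses are modelled as 32-bit integers so the wraparound is well
   defined and reproducible on any host; overflowing a real pointer is
   undefined behaviour and compilers may optimise such a test away. */
typedef uint32_t addr_t;

/* Form before the fix: "p + name_len > end". Returns 1 if rejected. */
static int rejects_sum_form(addr_t p, addr_t end, uint32_t name_len) {
    addr_t sum = (addr_t)(p + name_len);   /* wraps modulo 2^32 */
    return sum > end;
}

/* Form after the fix: "name_len > end - p". With p <= end the
   subtraction cannot wrap, so every oversized name_len is rejected. */
static int rejects_diff_form(addr_t p, addr_t end, uint32_t name_len) {
    return name_len > (addr_t)(end - p);
}

/* Hypothetical helper using the fixed form on real pointers: returns the
   byte after the name, or NULL if name_len exceeds the bytes remaining. */
static const unsigned char *skip_name(const unsigned char *p,
                                      const unsigned char *end,
                                      size_t name_len) {
    if (name_len > (size_t)(end - p)) return NULL;
    return p + name_len;
}

/* Constructed 16-byte stand-in for a chunk of file data. */
static const unsigned char sample_chunk[16] = {0};

int main(void) {
    /* Constructed values: a 0x40-byte chunk near the top of a 32-bit
       address space and a length field far larger than the chunk. */
    addr_t p = 0xFFFFFF00u, end = 0xFFFFFF40u;
    uint32_t name_len = 0x200u;

    printf("sum form rejects:  %d\n", rejects_sum_form(p, end, name_len));
    printf("diff form rejects: %d\n", rejects_diff_form(p, end, name_len));
    printf("skip_name rejects: %d\n",
           skip_name(sample_chunk, sample_chunk + 16, 17) == NULL);
    return 0;
}
```

With these values the sum wraps to 0x100, so the first form accepts a length that runs far past the end of the chunk, while the second form rejects it.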