Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 11 Jun 2015 09:54:26 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Possible CVE Requests: libmspack: several issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> null pointer dereference on a crafted CAB:
>  - https://bugs.debian.org/774665

Use CVE-2014-9732.


> CHM decompression: division by zero
>  - https://bugs.debian.org/774725

Use CVE-2015-4467.


> CHM decompression: pointer arithmetic overflow
>  - https://bugs.debian.org/774726

Relative to the
http://anonscm.debian.org/cgit/collab-maint/libmspack.git/commit/?id=a25bb144795e526748b57884daf365732c7e2295
commit, use CVE-2015-4468 for the issues resolved by
fix-pointer-arithmetic-overflow.patch and use CVE-2015-4469 for the
issue resolved by fix-name-field-boundaries.patch. (Note that these
were originally combined within the diff included in the
https://bugs.debian.org/774726#3 message.) The
fix-name-field-boundaries.patch is about missing input validation and
can't have the same CVE ID as the two cases where the only change was
from a "p + name_len > end" test to a "name_len > end - p" test.


> off-by-one buffer over-read in mspack/mszipd.c
>  - https://bugs.debian.org/775498

Use CVE-2015-4470.


> off-by-one buffer under-read in mspack/lzxd.c
>  - https://bugs.debian.org/775499

Use CVE-2015-4471. The vendor notes that the later-problematic code
had been valid before 2006-08-31.


> CHM decompression: another pointer arithmetic overflow
>  - https://bugs.debian.org/775687

Use CVE-2015-4472.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVeZJSAAoJEKllVAevmvmsql4H/2k7qmN/J0L5i7nuticZBbm6
dQEHjoH4wK5n7bMoKeBVC2LAr+hlV6L5dxkfUCAknf4JwxnUCwBh27ewpGj7V5uW
JrOSeKUkq6LHPyScB5cZPeAagqDEzp42eNZbVJ0J44qlBRMjJkaLkuXDMR6DHaW9
am5vka2/zmDZgYYbdByleQnr1oB6NPGsl0cKxgZs73PxY96dr+T5E9L4njsa199Y
AxIo1ULaZ8k4AEN1OqqBTxWOI3GDj3GlWSrCPzwPyXBIz2gw6OYdd1gMoqpdEuM/
Z12I1gCdlZ3riDtBO/BMS8hW/lAcHccigao+fQegGEppCAaXPLVdZ/0qrLIsmhA=
=NsCS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ