Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu,  6 Aug 2015 20:40:58 -0400 (EDT)
From: cve-assign@...re.org
To: dfs@...ringpenguin.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - remind 3.1.14 and earlier - buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Please issue a CVE number for this vulnerability:
> 
> http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html
> 
> Patch fixing the problem is below.  Remind home page is at
> https://www.roaringpenguin.com/products/remind
> 
> var.c
> DumpSysVar
> +    if (name && strlen(name) > VAR_NAME_LEN) {
> +	fprintf(ErrFp, "$%s: Name too long\n", name);
> +	return;

Use CVE-2015-5957.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVw/4wAAoJEKllVAevmvmsWTkH/iu9zwaHEbrkCf3RlzR1KS+M
/9mlDRIjxy2eGy+od26yxi/rH1ntnIQuCOc/nUdqYlFfFeDRoniSJj2Ht7dDXEi5
MDLu7/djiQIU+0e8bZje7TEhW+CaDrs3UugzaHG6fJ3i3QWnnwXnElDrTVHSZf5B
ffIWIdOwazrecboVWft0V3atogtaWvKBdEE1y9m/3+PWrzaShdF2yTsJFxECq8tg
db7iTzanx0vIEvD5Jzpq3PnoyYXkV7Q+p9hpmxVkc922DBTUNlNnT/04BtKoeC3a
hTx+dHXxmOU532gIfR/m3cnLLuprvyWjDpZuQ9ByuEZwjwo4CEeI6XkRVAko2eo=
=uWHj
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ