Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Aug 2015 10:47:46 -0400 (EDT)
From: Siddharth Sharma <siddharth@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Duplicate Wireshark CVEs?

Hi,

Any information available on why both Wireshark CVEs
CVE-2015-3811 CVE-2015-2188 point to one fix ?

Thanks
-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A 
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A 


----- Original Message -----
From: "Martin Prpic" <mprpic@...hat.com>
To: oss-security@...ts.openwall.com
Sent: Monday, August 10, 2015 4:15:31 PM
Subject: [oss-security] Duplicate Wireshark CVEs?

Hello,

It looks like the following two Wireshark advisories fix the same flaw:

https://www.wireshark.org/security/wnpa-sec-2015-14.html
https://www.wireshark.org/security/wnpa-sec-2015-07.html

Both fix a flaw in the WCP dissector and refer to the following bug:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844

Is there a reason two CVEs were assigned for this, or should one of them
be rejected?

Thanks!

RH bugs:
https://bugzilla.redhat.com/CVE-2015-2188
https://bugzilla.redhat.com/CVE-2015-3811

-- 
Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ