Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 22 Oct 2015 14:06:01 -0400 (EDT)
From: cve-assign@...re.org
To: ya1gaurav@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, veillard@...hat.com
Subject: Re: Crafted xml causes out of bound memory access - Libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugzilla.gnome.org/show_bug.cgi?id=744980
> https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
> https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Use CVE-2015-7941 for the discussion in 744980 up to and including
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c7 (this includes
a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 and
9b8512337d14c8ddf662fcb98b0135f225a1c489).

Use CVE-2015-7942 for
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8 and
https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0 (i.e., the
finding by a different person, Kostya Serebryany).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWKSUjAAoJEL54rhJi8gl58XQP/RXrnErqOvcw9ElDbKhsp0h/
Mak8M9kVw/KFUkTCm5KLSwm5pO0Lgze0ZE7B5OxYtu1ngv0omFFuYuWMNRS3RjPE
quzdCp6lCkHqt28xTlX2wRhcXTYfcmP/JkHX8e2EYwOPoBQeGqa5jCvygPqxtKNf
Af8uydmrduY9Q/WE6MoaA5OAg9HEb+XEYbR/ErTA/K+OxERq61T0FwdNp4Vew3NH
pdCkav5zKzJ4IVJoFTQK1+NskrfePqa+GgyKsXz3aDIf4QLIrySzeT5ez/92TNx8
HU9BaNz+nF7r9LjnQhCpvBnzkYdlBhn3nbC0FtcjRIZpelcxSagphQ9G7McyP/v/
KCxCMalxdTq5iUP+7KqFUqQXYdVJrO16UrEMbx+m48C3uHMMnmlGsPHKvIoKUKzQ
OLLZ0jfAykCuCCuCP9gjIP8d8GZDYAHCkJJJKzaW2LlWOUxOu6oxUZ4PhXmawx4w
w6wQOifqCXXAFKjds22UmdZYChS7hWt/IUhlPUX72iNCPZZYjJ40MqBfCOWWrV1L
hLCHI3p9jxIWAKr4/BDjQ5sZ2qg5wVmLSn4y92RNCCEegN8ql6BXAJGAsQ0vmj4X
5HC/wjwYd9rdtTuPaCbknjcyy4pnSGzL79gEq3DBGINgbf7HkOSrGGZ6fEz5mnRS
jRpHVm+5t4HWLzt3fX/z
=UQwo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ