Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Dec 2015 21:31:18 -0500 (EST)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugs.gentoo.org/show_bug.cgi?id=569010

> http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557

>> So in codeconv.c there is a function for japanese character set
>> conversion called conv_jistoeuc(). There is no bounds checking on the
>> output buffer, which is created on the stack with alloca().

>> http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
>>
>> conv_jistoeuc
>> conv_euctojis
>> conv_sjistoeuc

The original discoverer found a conv_jistoeuc issue, and then the
vendor apparently also found conv_euctojis and conv_sjistoeuc issues.
However, we don't see an indication that these issues arose in
independent ways. (Also, there is no vendor statement that
conv_euctojis or conv_sjistoeuc is exploitable.) It seems best to
assign CVE-2015-8614 to the combination of the conv_jistoeuc,
conv_euctojis, and conv_sjistoeuc issues.


> This version also fixes two oob errors I reported, I don't think
> they're security risks

There are currently no CVE IDs for these:

  http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3559

  We think this might mean that there is a bug in code supporting
  the UI, triggerable with UI interaction and not triggerable with
  any untrusted input.


  http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3563

  There isn't a statement of a security impact. If there is data loss
  in a realistic scenario, then a CVE ID can be assigned. For example,
  the user is in the middle of composition of a long outbound message
  and pauses to read a new inbound message containing a
  "List-Archive: <" line, and then there is a crash causing the entire
  composition to be irretrievably lost.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWeLVXAAoJEL54rhJi8gl5OKcP/2Wht3iy1rvLGBP1c49DfvMb
elsgsowxPnNHDuY3eNbY7VuKvfK+LR4aLafK/puq/x9f8RW5RAN4iPEgYwuoZ36I
2Jlfr9phP4F/s3AElMlLlnw2a0VsK7q77qiQCpSIORSxettjaaSMe0ANnA0aIm9B
zwQDjGtR+g/c6BHmCgNtWy/xtx31v76Cueu2h2kI6ChiXXD9ogpo/QsPJESyk8Cm
B7fXXfgpj0fz/3naVobU4tnCoJe8fLrI1iwkyfpWIf8zk/JLX6SlbulK8RkwyJgM
mxZAHlmNNyb3N2/DGO6vj5BXxoAuOaJ13FVIOlTngIcbdv6jijfcrZ4h9YP3V3h7
2bxp8kh/PL9us6XrlH5H70yFNXUvgHXK5VYEtd3uQZPE/Sn9e7YlAbOSriyvZSZ0
P85BSDFUZgTwvI/G/iP6moMeclpDJ85I853IGKiDMvamLK8/6X8x75zzZTqIJHIs
pxZsrnbBDW+E9574KHuHtO5IohdNKpAVx2cP7ooVTvs4F//rxIGta0UUV+eW7Pxi
XVHAi358cFE33C8ZDldJTygIkaZz3pRfoK0WYKKV0RrlpxOoRnLwDBZW4qeru+VM
Cdcl/I627zbOcNu7gHE1HOX9CVzeDAFZxg6duqRsBHbECimJyI+hyVoAQGYj8Ard
GvKWDNciI/GdMgvBe3hc
=C4ff
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.