Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Dec 2015 21:31:18 -0500 (EST)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugs.gentoo.org/show_bug.cgi?id=569010

> http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557

>> So in codeconv.c there is a function for japanese character set
>> conversion called conv_jistoeuc(). There is no bounds checking on the
>> output buffer, which is created on the stack with alloca().

>> http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
>>
>> conv_jistoeuc
>> conv_euctojis
>> conv_sjistoeuc

The original discoverer found a conv_jistoeuc issue, and then the
vendor apparently also found conv_euctojis and conv_sjistoeuc issues.
However, we don't see an indication that these issues arose in
independent ways. (Also, there is no vendor statement that
conv_euctojis or conv_sjistoeuc is exploitable.) It seems best to
assign CVE-2015-8614 to the combination of the conv_jistoeuc,
conv_euctojis, and conv_sjistoeuc issues.


> This version also fixes two oob errors I reported, I don't think
> they're security risks

There are currently no CVE IDs for these:

  http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3559

  We think this might mean that there is a bug in code supporting
  the UI, triggerable with UI interaction and not triggerable with
  any untrusted input.


  http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3563

  There isn't a statement of a security impact. If there is data loss
  in a realistic scenario, then a CVE ID can be assigned. For example,
  the user is in the middle of composition of a long outbound message
  and pauses to read a new inbound message containing a
  "List-Archive: <" line, and then there is a crash causing the entire
  composition to be irretrievably lost.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWeLVXAAoJEL54rhJi8gl5OKcP/2Wht3iy1rvLGBP1c49DfvMb
elsgsowxPnNHDuY3eNbY7VuKvfK+LR4aLafK/puq/x9f8RW5RAN4iPEgYwuoZ36I
2Jlfr9phP4F/s3AElMlLlnw2a0VsK7q77qiQCpSIORSxettjaaSMe0ANnA0aIm9B
zwQDjGtR+g/c6BHmCgNtWy/xtx31v76Cueu2h2kI6ChiXXD9ogpo/QsPJESyk8Cm
B7fXXfgpj0fz/3naVobU4tnCoJe8fLrI1iwkyfpWIf8zk/JLX6SlbulK8RkwyJgM
mxZAHlmNNyb3N2/DGO6vj5BXxoAuOaJ13FVIOlTngIcbdv6jijfcrZ4h9YP3V3h7
2bxp8kh/PL9us6XrlH5H70yFNXUvgHXK5VYEtd3uQZPE/Sn9e7YlAbOSriyvZSZ0
P85BSDFUZgTwvI/G/iP6moMeclpDJ85I853IGKiDMvamLK8/6X8x75zzZTqIJHIs
pxZsrnbBDW+E9574KHuHtO5IohdNKpAVx2cP7ooVTvs4F//rxIGta0UUV+eW7Pxi
XVHAi358cFE33C8ZDldJTygIkaZz3pRfoK0WYKKV0RrlpxOoRnLwDBZW4qeru+VM
Cdcl/I627zbOcNu7gHE1HOX9CVzeDAFZxg6duqRsBHbECimJyI+hyVoAQGYj8Ard
GvKWDNciI/GdMgvBe3hc
=C4ff
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ