Date: Fri, 05 Feb 2016 15:32:29 -0500 From: anarcat <anarcat@...ngeseeds.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression So from what I understand, this issue is only related to the *sample* code in php-openid, correct? You also report that this code is in "use verbatim" in "the vast majority of sites", yet looking at the Debian code base, the only samples of that code I could find are in php-openid itself and the SAML library: https://codesearch.debian.net/search?perpkg=1&q=getTrustRoot (jglobus seems to be a false positive there) I have reviewed the usage of the openid.realm field in the Debian source code and, in general, it doesn't seem to use the `Host:` header: https://codesearch.debian.net/search?perpkg=1&q=openid.realm Furthermore, I am not sure the attack works even on the theoritical level: how would the user reach the proper website if the Host header is changed? A. -- Never attribute to malice that which can be adequately explained by stupidity, but don't rule out malice. - Albert Einstein
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ