Date: Mon, 6 Jun 2016 15:54:13 +0200 From: Adam Maris <amaris@...hat.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions On 15/05/16 09:05, Gustavo Grieco wrote: > 2016-05-11 0:36 GMT+02:00 Brian May <brian@...uxpenguins.xyz>: >> Just did a git bisect against the source. Assuming I got this right, the >> following commits fixed the issue. > Thanks for taking the time to do the git bisect! > >>>> They affect the following functions: >>>> * rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack - >>>> rsvg_cairo_generate_mask: reproducible using circular-1.svg >>> Use CVE-2016-4347. >> Fixed in: >> >> commit a51919f7e1ca9c535390a746fbf6e28c8402dc61 >> Author: Benjamin Otte <otte@...hat.com> >> Date: Wed Oct 7 08:45:37 2015 +0200 >> >> rsvg: Add rsvg_acquire_node() >> >> This function does proper recursion checks when looking up resources >> from URLs and thereby helps avoiding infinite loops when cyclic >> references span multiple types of elements. > > I think CVE-2016-4347 and CVE-2015-7558 (stack exhaustion due to > cyclic dependency, reported here: > http://www.openwall.com/lists/oss-security/2015/12/21/5) are in fact, > the same issue. This is probably my fault (sorry!). > > MITRE: We should reject the the newly assigned one? > > Regards, > Gustavo. CC'ing MITRE in case they missed this question. We confirm it is a duplication. Which CVE should be rejected? Thanks! -- Adam Mariš, Red Hat Product Security 1CCD 3446 0529 81E3 86AF 2D4C 4869 76E7 BEF0 6BC2
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ