Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon,  6 Jun 2016 10:21:20 -0400 (EDT)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, amaris@...hat.com
Subject: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> I think CVE-2016-4347 and CVE-2015-7558 (stack exhaustion due to
> cyclic dependency, reported here:
> http://www.openwall.com/lists/oss-security/2015/12/21/5) are in fact,
> the same issue. This is probably my fault (sorry!).
> 
> MITRE: We should reject the the newly assigned one?

Yes, we have rejected CVE-2016-4347 in favor of CVE-2015-7558.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXVYZVAAoJEHb/MwWLVhi23P4P/jRHh7qf6/Iw3JTxwbWOJYAb
vL30dueXHyLZkW+tHhBIk5YTRUfqcozmP8AbWpJ6MImYn9XpIXqyvh3m9b3kSIWX
pXABqX9FwdXhkDaQThsEiSy7IkzMZwSV8LYoZ4o+G4FmL9jwjTh7EUh5t8DXzZlC
bGgDwAtgWwxp5EhtrFHt00QTk9Qb+ShCxOEQGL/g0MXUqRbm4vIO4qrztxfo4Ekn
Oh9RhF+17pzhHJVf9UFIWWtqeUmKGsPPXBm63r0V64297gPpgmnaCo0ssk5Q1wE3
0Z2M63gsjsh8v5OJkL3QCP7hOCy4iPci0Xz0VPIp4V2Rh+qv7ref+K/Jd9Tp8Qpq
5wiWrMSp17ERhn5HT6uEFiSOq8p3uVr/TOXH/UifEuqTrcDJujTucVlLKMuWjGDQ
H/lr0XpRzeSP7kinUpJwQlL9s2qp7M5FE9YgecOt1IxFK6nJ4jrWpQJt9p4IqUZY
RZd972FpwYa3JHdtujZGkczJ1uV8I+qphxoRWJ/QPwzDJKSCuWKwAyD2/zf2VcmB
2trpFGsUaj6jZxrp7YkVyKTDXh2qnrlzrlZR9spJyB49vaeBkoY7+ERp/I75Cseg
0WtdElN3wW8StwMJFtkCO4SgN1rgwxtYXpVj4Jf5ktFZNSIXjbEQyMGxZ9EZ4phC
7zqsrHIVrLa91bz6TXVD
=VRYg
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.