Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Jun 2016 11:00:56 -0400 (EDT)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, tiwai@...e.de
Subject: Re: CVE Request: integer overflow in ALSA snd_compress_check_input

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> but there was no 2012 CVE assignment to the original fixing commit b35cc8225845 as far as I see:
> 
> commit b35cc8225845112a616e3a2266d2fde5ab13d3ab
> Author: Dan Carpenter <dan.carpenter@...cle.com>
> Date:   Wed Sep 5 15:32:18 2012 +0300
> 
>     ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()
>     
>     These are 32 bit values that come from the user, we need to check for
>     integer overflows or we could end up allocating a smaller buffer than
>     expected.

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab

Use CVE-2012-6703.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXcpCGAAoJEHb/MwWLVhi2aMYP/j9JEZplRgptXAOO/yVII9Bd
sUd/mJuGgc9HRMzppMPhu8GLjA0IIG1Ms0T3OL37ESBGOqKAMaWQO2E1WNl61igq
QzrZGE6t8aYLoP4rESXWmSbZ2QQHxKpXfre48Uaek/Flc4sVMeCW0TfwZANv5CEB
mdLLpDNDDpgUWDzAE27PG1+zSJoE+aI+HM72rKfRYTpSmzqcGbA7rxGB+/8whkVO
yaUeIRrZ1Tn8m320+HEA7pfUF48cS5i5RCir99eViLhXlk1rTDDrHUYxhnD9cSi0
dR9JZNLfPNhJKjAe/NjqnsLVLk97wKGP0vKnSvm9TSt26DGeg99jEelc073/tGIR
xEgcnSZ8enle+O6T1nJFykOKolujeqzzu2AApZTSTs4uofLPl0pnIptfaC+j4Vxv
0Myl38AzITonRBMVQprhcKg3A5AF+dMdZeRycwZauVTy4q6AgfHnLo0ahpDD515U
T2a+2W8Yo3n8b/GDN8P4HGvo7rrVuyMyVyT53U0qgdz2Ls6qQX9Z0pAHINRJNujD
BJivsm49vw9NnzDo0opxh9fiO3MLoT/4lot//c1NyBvEaJzrOAMic6MthYFaIGSI
lTE796ibKjdk6v3G6YdQs5vug2HvFe4I8yYl1OPwF4Qb29DzkQ52rPT1GezD/nJA
Avd/cqOXOsknyoDGR5k5
=J3ot
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ