Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 28 Sep 2016 13:26:59 -0400 (EDT)
From: cve-assign@...re.org
To: jericho@...rition.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request - OpenSLP 2.0 Memory Corruption

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> : : https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/
> 
> : Use CVE-2016-7567.
> 
> Why did this get a 2016 CVE?

>> Bug 151: Fix memory corruption due to possible overflow in SLPFoldWhiteSpace
>> 
>> 2015-12-01

"possible overflow" in the 2015 reference was not interpreted to mean
a definitive statement of a security problem, and the defining
reference is the
http://www.openwall.com/lists/oss-security/2016/09/27/4 posting
itself, which occurred in 2016. In other words, either a CVE-2015-
number or a CVE-2016- number may have been reasonable but we chose the
latter.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX6/yDAAoJEHb/MwWLVhi2gXgQALabK0bQBMvo1WbF4nbg2zDB
nJxmBxNLCbIE0EzGimrh/ytHwHO2eBpVxRsHTGBD9gkiKWi6IdlNk6nPqNndwmGf
XfNVA/HCAd5LbuvkxOgYtAxTEWfvbvUqty5xtXl8Fr9OzBzO8D3a6IheTRgTqdP0
VhOBUiLi9G/EEuDGIKP1ly5/1UhSWGc83itsjlR/4751EnXPkIX7xkp8QLged5pR
YAoxVg66bbmuL5g9PKA+1Vit5MmlookIJ8t6CYcPHoSolmRc4Wfa7WDMxgxZrp63
BkML/2DlFoM/zWP9APLOtlLN+tx2NuQKDv01f7t6zXD4nmZug/kK5CwOSErooM+l
e/dga/C4SUzNzH1VHppFYyeZtzBBV7ggsW1d6GUp6OKQaBbd32st+18Qb9qiQ3HA
Ina1/a+kiAL7yrSY07Rc06Z1P8KzhQTWK/apEnE/bLdSLtuFmDZtr0u80auLfZvy
KOMOa1+UOhome6x8cs+oCMTF5/DxPF2+K1Jyss6uW8tFlfywLsnmkC7KLRSzsqzu
KKEyrf5vCuZELF5V6UjYdgELTYcNJZmhjgBk8ReKofJ5AXHW+hRy7EagZnQ+9DX2
K+Y6JubZxBI2Ie/8TZ+ec4Vf23E8xjPiRr7qxSYWxmBvzjNhwaWhgn1FQ0yG/+t3
cYwq0Wg1ktDWw26KYtvm
=l+Su
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ