Date: Fri, 11 Nov 2016 02:07:06 -0500
From: <cve-assign@...re.org>
To: <gustavo.grieco@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core

> We recently found a read out-of-bounds parsing JavaScript code in the last
> revision of WebKit

> WTF::ParkingLot::parkConditionallyImpl

CVE IDs for WebKit are typically assigned by Google. Perhaps you are
testing WebKit code that is too new to affect Chrome. Possibly
applicable references are:

  https://webkit.org/blog/6161/locking-in-webkit/
  https://chromium.googlesource.com/chromium/src/+/master/third_party/WebKit/Source/wtf/
  https://www.google.com/about/appsecurity/chrome-rewards/

If you can confirm that Chrome is unaffected or that your report
wasn't accepted at
https://code.google.com/p/chromium/issues/entry?template=Security%20Bug
then we can send a CVE ID here.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
