Date: Tue, 31 Jan 2017 15:09:58 +0100 (CET) From: <nikola.sc@...mail.me> To: <oss-security@...ts.openwall.com> Subject: CVE request: multiples vulnerabilities in libplist Fixed in libplist, a library to handle Apple Property List format in binary or XML. Debian and Ubuntu are using vulnerable versions.https://github.com/libimobiledevice/libplist Public issues:heap-buffer-overflow in parse_dict_node https://github.com/libimobiledevice/libplist/issues/89 memory allocation errorhttps://github.com/libimobiledevice/libplist/issues/88 heap-buffer-overflow CVE-2017-5545 used in https://github.com/libimobiledevice/libplist/issues/87 issue in plist_free_data plist.c:185 https://github.com/libimobiledevice/libplist/issues/86 Regards, Nikola -- Nikola s.c
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ