Date: Wed, 24 Sep 2008 17:47:05 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: fraud2

On Tuesday 23 September 2008, Steffen Joeris wrote:
> Hi
>
> fraad2 is affected by a heap overflow.
>
> Upstream announcement:
> http://www.audiocoding.com/
>
> Upstream patch:
> http://www.audiocoding.com/patch/main_overflow.diff
>
> Gentoo Bugreport:
> http://bugs.gentoo.org/show_bug.cgi?id=238445
>
> Debian Bugreport:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
>
> Could I please get a CVE id for this?
>
> Cheers
> Steffen

CVE-2008-4201 states "in FAAD2 before 2.6.1", whereas the patch is based on
2.6.1 -- i.e. 2.6.1 is affected. So the CVE needs to be corrected.

Robert