Date: Wed, 15 Oct 2008 14:34:45 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com, Jamie Strandboge <jamie@...onical.com>
cc: jdong@...ntu.com
Subject: Re: CVE request: jhead

Here's the current writeup for CVE-2008-4575.

Jamie and John - don't feel forced to publish more specific details, just knowing the bug types (and whether upstream fixed *all* the overflows in 2.84, or just some) is enough.

- Steve

======================================================
Name: CVE-2008-4575
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: CONFIRM:http://www.sentex.net/~mwandel/jhead/changes.txt
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) possibly other unspecified vectors.