Message-ID: <4EB06CB5.50807@redhat.com>
Date: Tue, 01 Nov 2011 16:03:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request for wireshark flaws

For the record: this is a *perfect* CVE request =). It's descriptive, it
has versions, it has all the links to verify it with the original
sources, all that good stuff.

On 11/01/2011 03:51 PM, Vincent Danen wrote:
> Can I get CVEs assigned to the following wireshark flaws?
>
>
> 1) An uninitialized variable in the CSN.1 dissector could cause a crash.
>
> Affects: 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-17.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
> https://bugzilla.redhat.com/show_bug.cgi?id=750643
>
Please use CVE-2011-4100 for this.

>
> 2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
> the Infiniband dissector could dereference a NULL pointer.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-18.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
> https://bugzilla.redhat.com/show_bug.cgi?id=750645
>
Please use CVE-2011-4101 for this.

>
> 3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
> buffer overflow in the ERF file reader.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-19.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
> https://bugzilla.redhat.com/show_bug.cgi?id=750648
>
Please use CVE-2011-4102 for this.

-- 

-Kurt Seifried / Red Hat Security Response Team