Date: Fri, 12 Oct 2012 16:02:57 +0200
From: Matthias Weckbecker <mweckbecker@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: libproxy PAC downloading buffer overflows

On Friday 12 October 2012 15:46:47 Kurt Seifried wrote:
> On 10/12/2012 02:43 AM, Tomas Hoger wrote:
> > Hi!
> >
> > libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
> >
> > http://code.google.com/p/libproxy/source/detail?r=853
> > https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
>
> > Upstream announcement also mentions another issue - CVE-2012-4505.
> > It is related, but different problem that was found in pre-0.4
> > versions while investigating if they were affected by
> > CVE-2012-4504.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
>
> Please use CVE-2012-4521 for this issue.

Wasn't this rather a CVE notification than a CVE request? At least 
it looked like this to me. The announcement mentions two CVEs.

Matthias

-- 
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0;  http://suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg) 
