Date: Mon, 3 Dec 2012 12:36:27 -0500 (EST) From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Damien Sandras <dsandras@...onix.com>, Eugen Dedu <eugen.dedu@...pm.univ-fcomte.fr> Subject: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Hello Kurt, Steve, vendors, a denial of service flaw was found in the way Ekiga, a Gnome based SIP/H323 teleconferencing application, processed information from certain OPAL connections ([certain] UTF-8 strings were not verified for validity prior showing them). A remote attacker (other party with a not UTF-8 valid name) could use this flaw to cause ekiga executable crash. Upstream bug report:  https://bugzilla.gnome.org/show_bug.cgi?id=653009 Relevant upstream patch:  http://git.gnome.org/browse/ekiga/commit/?id=7d09807257 References:  http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news  https://bugzilla.redhat.com/show_bug.cgi?id=883058 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.