Message-ID: <174291314.10035067.1369830102814.JavaMail.root@redhat.com>
Date: Wed, 29 May 2013 08:21:42 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
Richard Jones <rjones@...hat.com>
Subject: CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 |
1.23.1): Denial of service due to a double-free when inspecting certain
guest files / images

Hello Kurt, Steve, vendors,

LibguestFS upstream has issued the following patch:
[1] https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd

to correct a double-free flaw in the virt-inspector / other virt-* tools,
which could lead to denial of service if some of the tools were used by
3rd party applications for inspection of untrusted guest files / images:
[2] https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
[3] https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html

Could you allocate a CVE identifier for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team