Date: Wed, 04 Mar 2015 11:55:06 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: Invalid pointer dereference in the GNOME librest library The OAuth implementation in librest, a helper library for RESTful services part of the GNOME project, incorrectly truncates the pointer returned by the rest_proxy_call_get_url function call, leading to an application crash, or worse. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644 Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1183982 The security impact was noted in 2015, although the bug was fixed in 2014. -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.