Date: Mon, 13 Apr 2015 15:31:20 +0200 From: Vasyl Kaigorodov <vkaigoro@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: libksba version 1.3.3 fixes multiple security issues Hello, Following issues were fixed in libksba 1.3.3: libksba: integer overflow in the DN decoder src/dn.c (append_quoted, append_atv) http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 libksba: integer overflow in the BER decoder src/ber-decoder.c (ber_decoder_s) http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887 libksba: denial of service due to stack overflow in src/ber-decoder.c (push_decoder_state, pop_decoder_state) http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a Can a CVE be assigned to these please? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 Come talk to Red Hat Product Security at the Summit! Red Hat Summit 2015 - https://www.redhat.com/summit/ Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.