Date: Mon, 13 Apr 2015 19:15:10 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libksba version 1.3.3 fixes multiple security issues

Now also written up an advisory for these and other issues:
https://blog.fuzzing-project.org/7-Multiple-vulnerabilities-in-GnuPG,-libksba-and-GpgOL-TFPA-0032015.html

At least the GpgOL issue probably should also get a CVE:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgol.git;a=commit;h=35e68591863b7da1698ddc24d8f035fc4c382b9a
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgol.git;a=commit;h=eb1b9bfc088ce33c398dd6f6b7bf80797fbb9011
(same issue is in gpgparsemail, which is a command line mail parsing tool shipped with gnupg)

I leave it up to MITRE whether to assign CVEs to the DoS issues. (In the past they usually didn't get CVEs.)

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42