Date: Fri, 24 Apr 2015 23:22:20 -0400 (EDT) From: cve-assign@...re.org To: meissner@...e.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, xorg_security@...rg Subject: Re: CVE request: X server crash by client -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > We got notified that the fix for CVE-2014-8092 introduced the possibility > of a division by 0 when the "height" for the PutImage call is 0, leading > to X server abort. > > This was already fixed in January in X git. > http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b > > As this is a local denial of service, but might be triggerable by images with 0 height > supplied externally, it might need a CVE. Use CVE-2015-3418. > https://bugzilla.novell.com/show_bug.cgi?id=928520 This currently doesn't seem to be a public bug - we don't know whether that's intentional. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVOwe3AAoJEKllVAevmvms170IALWrHYmuCpdiUYi5wSfexpd2 3YhS+UQTpZnhxYbZSF3kfM++MVXE5SuOen+5sfXNum2Y1ekbLTRbGEj7ausfzVI9 JouLh7UV7L3Eu/1JCyFBua3RLPyiPAJI0+XakQa4byK1FJn4ltsdntH+fwoVyk5t uILMXDj6EA5n4gSokRJRm01gDvmeTw55HtQe57DZSRt48zCwv+BgIm8+JhpFsTFU LmH4DtbAUyYWi1eWYDrLE7HBkE6hXtX2flPoxRHi48Ery+nNwX63pL2Qt077bgd8 W329vXc8fSkDpHzd5d6SlSQ5oaA9aSwVdWVPoqV397+wyTCpH1fZT/YdaN4XiZs= =+GPK -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.