Date: Thu, 11 Jun 2015 09:54:26 -0400 (EDT) From: cve-assign@...re.org To: carnil@...ian.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Possible CVE Requests: libmspack: several issues -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > null pointer dereference on a crafted CAB: > - https://bugs.debian.org/774665 Use CVE-2014-9732. > CHM decompression: division by zero > - https://bugs.debian.org/774725 Use CVE-2015-4467. > CHM decompression: pointer arithmetic overflow > - https://bugs.debian.org/774726 Relative to the http://anonscm.debian.org/cgit/collab-maint/libmspack.git/commit/?id=a25bb144795e526748b57884daf365732c7e2295 commit, use CVE-2015-4468 for the issues resolved by fix-pointer-arithmetic-overflow.patch and use CVE-2015-4469 for the issue resolved by fix-name-field-boundaries.patch. (Note that these were originally combined within the diff included in the https://bugs.debian.org/774726#3 message.) The fix-name-field-boundaries.patch is about missing input validation and can't have the same CVE ID as the two cases where the only change was from a "p + name_len > end" test to a "name_len > end - p" test. > off-by-one buffer over-read in mspack/mszipd.c > - https://bugs.debian.org/775498 Use CVE-2015-4470. > off-by-one buffer under-read in mspack/lzxd.c > - https://bugs.debian.org/775499 Use CVE-2015-4471. The vendor notes that the later-problematic code had been valid before 2006-08-31. > CHM decompression: another pointer arithmetic overflow > - https://bugs.debian.org/775687 Use CVE-2015-4472. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVeZJSAAoJEKllVAevmvmsql4H/2k7qmN/J0L5i7nuticZBbm6 dQEHjoH4wK5n7bMoKeBVC2LAr+hlV6L5dxkfUCAknf4JwxnUCwBh27ewpGj7V5uW JrOSeKUkq6LHPyScB5cZPeAagqDEzp42eNZbVJ0J44qlBRMjJkaLkuXDMR6DHaW9 am5vka2/zmDZgYYbdByleQnr1oB6NPGsl0cKxgZs73PxY96dr+T5E9L4njsa199Y AxIo1ULaZ8k4AEN1OqqBTxWOI3GDj3GlWSrCPzwPyXBIz2gw6OYdd1gMoqpdEuM/ Z12I1gCdlZ3riDtBO/BMS8hW/lAcHccigao+fQegGEppCAaXPLVdZ/0qrLIsmhA= =NsCS -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.