Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 22 Oct 2015 14:06:01 -0400 (EDT)
From: cve-assign@...re.org
To: ya1gaurav@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, veillard@...hat.com
Subject: Re: Crafted xml causes out of bound memory access - Libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugzilla.gnome.org/show_bug.cgi?id=744980
> https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
> https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Use CVE-2015-7941 for the discussion in 744980 up to and including
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c7 (this includes
a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 and
9b8512337d14c8ddf662fcb98b0135f225a1c489).

Use CVE-2015-7942 for
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8 and
https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0 (i.e., the
finding by a different person, Kostya Serebryany).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWKSUjAAoJEL54rhJi8gl58XQP/RXrnErqOvcw9ElDbKhsp0h/
Mak8M9kVw/KFUkTCm5KLSwm5pO0Lgze0ZE7B5OxYtu1ngv0omFFuYuWMNRS3RjPE
quzdCp6lCkHqt28xTlX2wRhcXTYfcmP/JkHX8e2EYwOPoBQeGqa5jCvygPqxtKNf
Af8uydmrduY9Q/WE6MoaA5OAg9HEb+XEYbR/ErTA/K+OxERq61T0FwdNp4Vew3NH
pdCkav5zKzJ4IVJoFTQK1+NskrfePqa+GgyKsXz3aDIf4QLIrySzeT5ez/92TNx8
HU9BaNz+nF7r9LjnQhCpvBnzkYdlBhn3nbC0FtcjRIZpelcxSagphQ9G7McyP/v/
KCxCMalxdTq5iUP+7KqFUqQXYdVJrO16UrEMbx+m48C3uHMMnmlGsPHKvIoKUKzQ
OLLZ0jfAykCuCCuCP9gjIP8d8GZDYAHCkJJJKzaW2LlWOUxOu6oxUZ4PhXmawx4w
w6wQOifqCXXAFKjds22UmdZYChS7hWt/IUhlPUX72iNCPZZYjJ40MqBfCOWWrV1L
hLCHI3p9jxIWAKr4/BDjQ5sZ2qg5wVmLSn4y92RNCCEegN8ql6BXAJGAsQ0vmj4X
5HC/wjwYd9rdtTuPaCbknjcyy4pnSGzL79gEq3DBGINgbf7HkOSrGGZ6fEz5mnRS
jRpHVm+5t4HWLzt3fX/z
=UQwo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.