Date: Fri, 29 Apr 2016 16:24:52 +0200 From: Martin Prpic <mprpic@...hat.com> To: "OSS Security Mailinglist" <oss-security@...ts.openwall.com> Subject: CVE request: three issues in libksba Hi, Can CVEs please be assigned to these three issues (unless they've already been assigned and I failed to find them): Denial of Service due to stack overflow in src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a Integer overflow in the BER decoder src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887 Integer overflow in the DN decoder src/dn.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 A Gentoo advisory lists them as being fixed in version 1.3.3 and higher: https://lwn.net/Alerts/685271/ Thank you! -- Martin Prpič / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.