|
Message-Id: <20160606142120.B833F332034@smtpvbsrv1.mitre.org> Date: Mon, 6 Jun 2016 10:21:20 -0400 (EDT) From: cve-assign@...re.org To: gustavo.grieco@...il.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, amaris@...hat.com Subject: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > I think CVE-2016-4347 and CVE-2015-7558 (stack exhaustion due to > cyclic dependency, reported here: > http://www.openwall.com/lists/oss-security/2015/12/21/5) are in fact, > the same issue. This is probably my fault (sorry!). > > MITRE: We should reject the the newly assigned one? Yes, we have rejected CVE-2016-4347 in favor of CVE-2015-7558. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXVYZVAAoJEHb/MwWLVhi23P4P/jRHh7qf6/Iw3JTxwbWOJYAb vL30dueXHyLZkW+tHhBIk5YTRUfqcozmP8AbWpJ6MImYn9XpIXqyvh3m9b3kSIWX pXABqX9FwdXhkDaQThsEiSy7IkzMZwSV8LYoZ4o+G4FmL9jwjTh7EUh5t8DXzZlC bGgDwAtgWwxp5EhtrFHt00QTk9Qb+ShCxOEQGL/g0MXUqRbm4vIO4qrztxfo4Ekn Oh9RhF+17pzhHJVf9UFIWWtqeUmKGsPPXBm63r0V64297gPpgmnaCo0ssk5Q1wE3 0Z2M63gsjsh8v5OJkL3QCP7hOCy4iPci0Xz0VPIp4V2Rh+qv7ref+K/Jd9Tp8Qpq 5wiWrMSp17ERhn5HT6uEFiSOq8p3uVr/TOXH/UifEuqTrcDJujTucVlLKMuWjGDQ H/lr0XpRzeSP7kinUpJwQlL9s2qp7M5FE9YgecOt1IxFK6nJ4jrWpQJt9p4IqUZY RZd972FpwYa3JHdtujZGkczJ1uV8I+qphxoRWJ/QPwzDJKSCuWKwAyD2/zf2VcmB 2trpFGsUaj6jZxrp7YkVyKTDXh2qnrlzrlZR9spJyB49vaeBkoY7+ERp/I75Cseg 0WtdElN3wW8StwMJFtkCO4SgN1rgwxtYXpVj4Jf5ktFZNSIXjbEQyMGxZ9EZ4phC 7zqsrHIVrLa91bz6TXVD =VRYg -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.