Date: Tue, 31 Jan 2017 15:09:58 +0100 (CET) From: <nikola.sc@...mail.me> To: <oss-security@...ts.openwall.com> Subject: CVE request: multiples vulnerabilities in libplist Fixed in libplist, a library to handle Apple Property List format in binary or XML. Debian and Ubuntu are using vulnerable versions.https://github.com/libimobiledevice/libplist Public issues:heap-buffer-overflow in parse_dict_node https://github.com/libimobiledevice/libplist/issues/89 memory allocation errorhttps://github.com/libimobiledevice/libplist/issues/88 heap-buffer-overflow CVE-2017-5545 used in https://github.com/libimobiledevice/libplist/issues/87 issue in plist_free_data plist.c:185 https://github.com/libimobiledevice/libplist/issues/86 Regards, Nikola -- Nikola s.c
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.