[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Tue, 18 Mar 2008 16:55:16 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Josh Bressers <bressers@...hat.com>
cc: oss-security@...ts.openwall.com,
"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: bzip2 CERT-FI: 20469
======================================================
Name: CVE-2008-1372
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
Reference: MISC:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Reference: CONFIRM:http://bzip.org/
Reference: CONFIRM:https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
Reference: CERT-VN:VU#813451
Reference: URL:http://www.kb.cert.org/vuls/id/813451
Reference: BID:28286
Reference: URL:http://www.securityfocus.com/bid/28286
Reference: FRSIRT:ADV-2008-0915
Reference: URL:http://www.frsirt.com/english/advisories/2008/0915
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to
cause a denial of service (crash) via a crafted file that triggers a
buffer over-read, as demonstrated by the PROTOS GENOME test suite.
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux