Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 10 Nov 2008 09:47:50 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>, Greg KH <greg@...ah.com>
Subject: Re: CVE requests: kernel: hfsplus-related bugs


On Mon, 10 Nov 2008, Eugene Teo wrote:

> > 1) hfsplus: fix Buffer overflow with a corrupted image
> > Upstream commit: efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
> ...
> There's an equivalent bug for hfs. The upstream commit is d38b7aa. We
> will need a CVE name for this too.

Use CVE-2008-5025

Is the bug exactly equivalent?  Could you be more specific about existing
references?  "d38b7aa" doesn't look like a typical commit ID so the CVE is
currently marked as reserved.

- Steve

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux