Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Mon, 02 Mar 2009 15:15:48 +0200
From: Pinar Yanardag <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: CVE Request: mpfr (Buffer Overflow)

Hi,

A buffer overflow vulnerability has been fixed in the latest version of 
mpfr. From GNU mpfr changelog [1]:

--->8---
Changes from version 2.4.0 to version 2.4.1     
* Security fix in mpfr_snprintf and mpfr_vsnprintf (buffer overflow).

--->8---

[1]: http://www.mpfr.org/mpfr-2.4.1

Cheers,

-- 
Pinar Yanardag
http://pinguar.org
_________________________________________________________
Pardus Security Team
http://security.pardus.org.tr

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux