Date: Tue, 01 Nov 2011 16:03:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request for wireshark flaws

For the record: this is a *perfect* CVE request =). It's descriptive, it
has versions, it has all the links to verify it with the original
sources, all that good stuff.

On 11/01/2011 03:51 PM, Vincent Danen wrote:
> Can I get CVEs assigned to the following wireshark flaws?
>
>
> 1) An uninitialized variable in the CSN.1 dissector could cause a crash.
>
> Affects: 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-17.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
> https://bugzilla.redhat.com/show_bug.cgi?id=750643
>

Please use CVE-2011-4100 for this.

>
> 2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
> the Infiniband dissector could dereference a NULL pointer.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-18.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
> https://bugzilla.redhat.com/show_bug.cgi?id=750645
>

Please use CVE-2011-4101 for this.

>
> 3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
> buffer overflow in the ERF file reader.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-19.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
> https://bugzilla.redhat.com/show_bug.cgi?id=750648
>

Please use CVE-2011-4102 for this.

--
-Kurt Seifried / Red Hat Security Response Team