Date: Wed, 12 Sep 2012 14:34:53 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: CVE id request: tor Hi, from the tor release notes: Changes in version 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. o Security fixes: - Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha. I have not seen CVE ids for these issues. Can you assign ids for them?  https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ