Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Sep 2012 14:34:53 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: CVE id request: tor

Hi,
from the tor release notes[0]:
Changes in version 0.2.2.39 - 2012-09-11
  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable 
  assertions.

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
    - Do not crash when comparing an address with port value 0 to an
      address policy. This bug could have been used to cause a remote
      assertion failure by or against directory authorities, or to
      allow some applications to crash clients. Fixes bug 6690; bugfix
      on 0.2.1.10-alpha.

I have not seen CVE ids for these issues.
Can you assign ids for them?

[0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ