Date: Wed, 14 May 2014 23:17:22 -0400 (EDT) From: cve-assign@...re.org To: mikkel@...utz.dk Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Mumble-SA-2014-005 [http://mumble.info/security/Mumble-SA-2014-005.txt] > - SVG images with local file references could trigger client DoS > Qt's QSvg module's SVG renderer will follow file references > found in SVG's image tag and XML stylesheet references. > > For image tags, Qt tries to load the referenced file using > QImage's constructor that takes a file path. Further processing > is then delegated to an image format plugin. > > For XML stylsheets, Qt will attempt to open the referenced > file using QFile followed by a call to the readAll(), which > will read the file until EOF. > > These two possibilities makes it easy to cause a Mumble client > to hang Use CVE-2014-3755. > Mumble-SA-2014-006 [http://mumble.info/security/Mumble-SA-2014-006.txt] > - The Mumble client did not properly HTML-escape some external strings > before using them in a rich-text (HTML) context. > By default, many Qt widgets sniff their text content to > determine whether or not to use to render the text as HTML. > However, in some places, the Mumble client neglected to > properly escape external strings when used rich-text enabled > Qt widgets. Use CVE-2014-3756. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTdDFtAAoJEKllVAevmvmsEJkIAIU2hoalUJixp8Wmpyqg0SvI t12IioHB0evU+BbyuOVDFdIUDD4KMo8OuKtMZGlvX1SWdgTUbhQo0wZ/3potGmjs c7Df8+RZD3Zp8Ajn550vv/3mG1kQc+TPDOoBiiaDDpIErH39SPL1rHzUTIMm7GXD BH3iOdsmS8PgO76pM3RLwAo07hlvvkPdXl4C0BqL7Ng6vJ2bCgdYLcYRQaVrPsbb ZrZR4SUxAQ0U+/9zOz7LMMZB3oAwfTaqviqONMWZuxdENlNgzlESr3Y5lFtgkwVT l3dHzZvcODnZcgbj7aCGAAh7gbaE4NmqiZkQA7q9xeVopl+8zg5eTZq6bNF+4zk= =8lvm -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ