Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151022180601.E5FB58BC011@smtpvmsrv1.mitre.org>
Date: Thu, 22 Oct 2015 14:06:01 -0400 (EDT)
From: cve-assign@...re.org
To: ya1gaurav@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, veillard@...hat.com
Subject: Re: Crafted xml causes out of bound memory access - Libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugzilla.gnome.org/show_bug.cgi?id=744980
> https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
> https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Use CVE-2015-7941 for the discussion in 744980 up to and including
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c7 (this includes
a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 and
9b8512337d14c8ddf662fcb98b0135f225a1c489).

Use CVE-2015-7942 for
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8 and
https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0 (i.e., the
finding by a different person, Kostya Serebryany).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWKSUjAAoJEL54rhJi8gl58XQP/RXrnErqOvcw9ElDbKhsp0h/
Mak8M9kVw/KFUkTCm5KLSwm5pO0Lgze0ZE7B5OxYtu1ngv0omFFuYuWMNRS3RjPE
quzdCp6lCkHqt28xTlX2wRhcXTYfcmP/JkHX8e2EYwOPoBQeGqa5jCvygPqxtKNf
Af8uydmrduY9Q/WE6MoaA5OAg9HEb+XEYbR/ErTA/K+OxERq61T0FwdNp4Vew3NH
pdCkav5zKzJ4IVJoFTQK1+NskrfePqa+GgyKsXz3aDIf4QLIrySzeT5ez/92TNx8
HU9BaNz+nF7r9LjnQhCpvBnzkYdlBhn3nbC0FtcjRIZpelcxSagphQ9G7McyP/v/
KCxCMalxdTq5iUP+7KqFUqQXYdVJrO16UrEMbx+m48C3uHMMnmlGsPHKvIoKUKzQ
OLLZ0jfAykCuCCuCP9gjIP8d8GZDYAHCkJJJKzaW2LlWOUxOu6oxUZ4PhXmawx4w
w6wQOifqCXXAFKjds22UmdZYChS7hWt/IUhlPUX72iNCPZZYjJ40MqBfCOWWrV1L
hLCHI3p9jxIWAKr4/BDjQ5sZ2qg5wVmLSn4y92RNCCEegN8ql6BXAJGAsQ0vmj4X
5HC/wjwYd9rdtTuPaCbknjcyy4pnSGzL79gEq3DBGINgbf7HkOSrGGZ6fEz5mnRS
jRpHVm+5t4HWLzt3fX/z
=UQwo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.