Message-Id: <200809241747.08239.rbu@gentoo.org>
Date: Wed, 24 Sep 2008 17:47:05 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: faad2
On Tuesday 23 September 2008, Steffen Joeris wrote:
> Hi
>
> faad2 is affected by a heap overflow.
>
> Upstream announcement:
> http://www.audiocoding.com/
>
> Upstream patch:
> http://www.audiocoding.com/patch/main_overflow.diff
>
> Gentoo Bugreport:
> http://bugs.gentoo.org/show_bug.cgi?id=238445
>
> Debian Bugreport:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
>
> Could I please get a CVE id for this?
>
> Cheers
> Steffen
CVE-2008-4201 states "in FAAD2 before 2.6.1", whereas the patch is based
on 2.6.1 -- i.e. 2.6.1 is affected. So the CVE needs to be corrected.
Robert