Message-ID: <20111101215133.GA22739@redhat.com>
Date: Tue, 1 Nov 2011 15:51:35 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for wireshark flaws

Can I get CVEs assigned to the following wireshark flaws?

1) An uninitialized variable in the CSN.1 dissector could cause a crash.

Affects: 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
https://bugzilla.redhat.com/show_bug.cgi?id=750643

2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
the Infiniband dissector could dereference a NULL pointer.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645

3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
https://bugzilla.redhat.com/show_bug.cgi?id=750648

--
Vincent Danen / Red Hat Security Response Team