Message-Id: <201210121602.57370.mweckbecker@suse.de>
Date: Fri, 12 Oct 2012 16:02:57 +0200
From: Matthias Weckbecker <mweckbecker@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: libproxy PAC downloading buffer overflows

On Friday 12 October 2012 15:46:47 Kurt Seifried wrote:
> On 10/12/2012 02:43 AM, Tomas Hoger wrote:
> > Hi!
> >
> > libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
> >
> > http://code.google.com/p/libproxy/source/detail?r=853
> > https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
> >
> > Upstream announcement also mentions another issue - CVE-2012-4505.
> > It is related, but different problem that was found in pre-0.4
> > versions while investigating if they were affected by
> > CVE-2012-4504.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
>
> Please use CVE-2012-4521 for this issue.

Wasn't this rather a CVE notification than a CVE request? At least it looked
like this to me. The announcement mentions two CVE.

Matthias

--
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0; http://suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg)