|
Message-Id: <201405150317.s4F3HMtH025047@linus.mitre.org> Date: Wed, 14 May 2014 23:17:22 -0400 (EDT) From: cve-assign@...re.org To: mikkel@...utz.dk Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Mumble-SA-2014-005 [http://mumble.info/security/Mumble-SA-2014-005.txt] > - SVG images with local file references could trigger client DoS > Qt's QSvg module's SVG renderer will follow file references > found in SVG's image tag and XML stylesheet references. > > For image tags, Qt tries to load the referenced file using > QImage's constructor that takes a file path. Further processing > is then delegated to an image format plugin. > > For XML stylsheets, Qt will attempt to open the referenced > file using QFile followed by a call to the readAll(), which > will read the file until EOF. > > These two possibilities makes it easy to cause a Mumble client > to hang Use CVE-2014-3755. > Mumble-SA-2014-006 [http://mumble.info/security/Mumble-SA-2014-006.txt] > - The Mumble client did not properly HTML-escape some external strings > before using them in a rich-text (HTML) context. > By default, many Qt widgets sniff their text content to > determine whether or not to use to render the text as HTML. > However, in some places, the Mumble client neglected to > properly escape external strings when used rich-text enabled > Qt widgets. Use CVE-2014-3756. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTdDFtAAoJEKllVAevmvmsEJkIAIU2hoalUJixp8Wmpyqg0SvI t12IioHB0evU+BbyuOVDFdIUDD4KMo8OuKtMZGlvX1SWdgTUbhQo0wZ/3potGmjs c7Df8+RZD3Zp8Ajn550vv/3mG1kQc+TPDOoBiiaDDpIErH39SPL1rHzUTIMm7GXD BH3iOdsmS8PgO76pM3RLwAo07hlvvkPdXl4C0BqL7Ng6vJ2bCgdYLcYRQaVrPsbb ZrZR4SUxAQ0U+/9zOz7LMMZB3oAwfTaqviqONMWZuxdENlNgzlESr3Y5lFtgkwVT l3dHzZvcODnZcgbj7aCGAAh7gbaE4NmqiZkQA7q9xeVopl+8zg5eTZq6bNF+4zk= =8lvm -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.