Message-ID: <68c5181b.63b20bff@fabiankeil.de>
Date: Thu, 4 Dec 2014 20:32:25 +0100
From: Fabian Keil <freebsd-listen@...iankeil.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: out-of-bounds memory access flaw in unrtf

"Vincent Danen" <vdanen@...hat.com> wrote:
> On 12/03/2014, at 9:57 AM, Michal Zalewski wrote:
>
> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1170233>
> >> You mixed up Michal and me :-)
> >
> > Possibly in reference to:
> > https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
>
> Wow, I was more tired than I thought. I did take the wrong reference
> and was indeed referring to Michal's mail.
>
> I've updated our bug to note both even though it may require more
> than one CVE. It seems like quite the mess for an unmaintained package.

Potential fixes:
http://www.fabiankeil.de/sourcecode/unrtf-0.21.5-various-fixes.diff

The patch set also fixes a use-after-free issue, it probably doesn't
need a CVE, though.

Fabian