Message-Id: <20160203171216.EA851332075@smtpvbsrv1.mitre.org>
Date: Wed, 3 Feb 2016 12:12:16 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function

>> > From: Salvatore Bonaccorso
>> >
>> > While checking upstream bugzilla to see if that was reported I noticed
>> >
>> > https://bugzilla.gnome.org/show_bug.cgi?id=749115
>> >
>> > Does this have the same root cause?
>>
>> The CVE-2016-2073 PoC is an '&' followed by three characters, one of
>> which is a 0273 character. The PoC in 749115 has an unexpected
>> character immediately after a "<!DOCTYPE html" substring. We feel that
>> the CVE-2016-2073 report can have that unique ID on the basis of (at
>> least) a different attack methodology. CVE assignment for 749115 is
>> also possible unless 749115 already has a CVE ID.

> ... Can you assign an additional CVE for
> the 749115 issue?

Use CVE-2015-8806 for 749115. (We don't know of any additional
information about a CVE-2015-8806/CVE-2016-2073 interrelationship, or
about other CVE IDs that could potentially apply to an 'unexpected
character immediately after a "<!DOCTYPE html" substring' scenario.)

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]