Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2971422.7a4hKthq7I@blackgate>
Date: Tue, 17 Jan 2017 11:33:28 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)

On Monday 16 January 2017 19:08:48 cve-assign@...re.org wrote:
> > []
> > https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-de
> > c_clnpass-jpc_t1dec-c
> > 
> > AddressSanitizer: SEGV on unknown address
> > The signal is caused by a WRITE memory access.
> > 
> > dec_clnpass ... jasper-1.900.27/src/libjasper/jpc/jpc_t1dec.c:869:4
> 
> Use CVE-2017-5503.
> 
> 
> --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]

The previous mail clearly state:
> Timeline:
> 2016-11-20: bug discovered and reported to upstream

Why a CVE-2017-* ?

--
Agostino

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.