oss-sec mailing list archives
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
From: Josh Bressers <bressers () redhat com>
Date: Wed, 29 Sep 2010 15:06:31 -0400 (EDT)
Steve,
There are a few requests for MITRE below (2008 and 2009 IDs needed).
----- "Moritz Muehlenhoff" <jmm () debian org> wrote:
Hi,
here's a few more CVE requests for issues in the Debian Security Tracker without a CVE ID assigned:
1. Poppler (might also affect xpdf and kpdf due to code heritage, not determined yet)
http://secunia.com/advisories/41596/
-> Links to poppler git commits are given in the Secunia link
This needs to be properly understood. I'm not assigning IDs until someone does a proper triage.
2. Quassel
http://quassel-irc.org/node/115
I presume this is a DoS (the details are pretty slim)
CVE-2010-3443
3. Pyfribidi
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570068
This looks to be a buffer overflow.
CVE-2010-3444
4. Overkill (this should be a CVE-2009 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549310
I'm out of 2009 IDs. Can MITRE take this one?
5. Emacs mode for reStructuredText (from DocUtils) (this should be a CVE-2009 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755
I'm out of 2009 IDs. Can MITRE take this one?
6. FireGPG (this should be a CVE-2008 ID)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386
http://securityvulns.com/Udocument757.html
I have no 2008 IDs. This one will have to wait for MITRE.
7. Wireshark BER dissector
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
This one looks like a stack overflow, the advisory isn't very clear, but claims there are two possible outcomes. We can always split later if needed.
CVE-2010-3445
Thanks
-- JB