oss-sec mailing list archives
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189
From: Andres Gomez <agomez () fluidsignal com>
Date: Tue, 6 Mar 2012 09:31:10 -0500
2012/3/5 Kurt Seifried <kseifried () redhat com>
Would you consider tham to be the same code base or a different code base? If the same code base, share the CVE, if different code bases, new CVE for it. Steve: do we have a policy for "Fresh" forks as it were?
Well, Speed Dreams started with TORCS code base, but they have added a lot new code, so I would say that right now they have different code base, although they still share a big portion of the code (as the vulnerable section). Because of that I would consider It needs a new CVE number, could you assign one to it? :)
Write up the description and send it to Mitre =).
I already did, I sent details but they have not disclosed them in web page http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1189, maybe i used a wrong email address (cve-assign () mitre org). Thank you for your help.
Current thread:
- TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Feb 18)
- Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 05)
- Message not available
- Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 06)
- Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Tomas Hoger (Mar 06)
- Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 09)
- Message not available
- Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 05)