oss-sec mailing list archives
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189
From: Andres Gomez <agomez () fluidsignal com>
Date: Fri, 9 Mar 2012 09:13:26 -0500
2012/3/6 Tomas Hoger <thoger () redhat com>
Their code bases may differ significantly in other parts, but it seems the affected vulnerable code is still identical between the two. Following are versions shortly before fixes got committed: http://torcs.cvs.sourceforge.net/viewvc/torcs/torcs/torcs/src/modules/graphic/ssggraph/grsound.cpp?revision=1.31.2.2&view=markup http://speed-dreams.svn.sourceforge.net/viewvc/speed-dreams/trunk/src/modules/graphic/ssggraph/grsound.cpp?revision=4146&view=markup In cases like this, same CVE is used for all project that use / embed the same affected code.
Ok, understood, thanks.
Write up the description and send it to Mitre =). I already did, I sent details but they have not disclosed them in web page http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1189, maybe i used a wrong email address (cve-assign () mitre org).
So, what Mitre's email could I send CVE-2012-1189 details? Regards Andres Gomez
Current thread:
- TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Feb 18)
- Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 05)
- Message not available
- Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 06)
- Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Tomas Hoger (Mar 06)
- Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 09)
- Message not available
- Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 05)