oss-sec mailing list archives
Re: CVE request: VLC / Asterisk
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 06 Jul 2012 11:19:23 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/06/2012 08:55 AM, Moritz Muehlenhoff wrote:
Hi, Please assign CVE IDs: 1. heap-based buffer overflow in VLC's Ogg demuxer Fixed in the VLC 2.0.2 release Commit: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
Please
use CVE-2012-3377 for this issue.
2. asterisk: Possible resource leak on uncompleted re-invite transactions http://downloads.asterisk.org/pub/security/AST-2012-010.html
Splitting this issue into a separate email thread.
Cheers, Moritz
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP9x4bAAoJEBYNRVNeJnmTepIQAIfun+T8HGlTN+Wqg3scHa69 o83lg53s9TxuyY8cwXS82bSfPpwk9eLg+YL0huF+yTG6Ziqq4txEo5FQdVzWPJ4p qveE4qglOevmCNuenU3w6YRUhxX6cXvyWHg0RpFianZKrmn6xn4doguik/9NLg6w KGPk/9eoTYpQ8mrw1kRbA5ClRLvfZCPkXFzu3xOKKBcLKhAmruLFQwHR5ykC28PN ydbbHnbE2QQhXwFsEt4g1x1dBeGq7Jgj9fsE0FI52WvjPlAOhGJaw+wA3xijy9fy N8GF4feqxuP7xbkD3KRfcKTXyXgLXRvMQ/NtFN0LxfvWthVCv+63soC2RFLBuw7g WbE7AdOv/a1BhaX66LfcGFA5m4P64GNrBbz6/BMLzbzGtIUIgV2/OYCXRWJ8QPnq jDWKK5lgyjwyKKrq73/DLJP5CcjulCdB9ErBbcdPgZ9cezukvdki2cVOJj3EhC93 ibFbdZZSE/WYwYiPajQ0ZPUW5VZrfF2uiqoCkW2fbg1SNfpOzQMnEzbdGljIZAPZ TMH63p2n9Bt4Ct0JlsvZ0phpPQbMXVMkXqpkQXfKELcX4jjD2pRcIm7F/7tG9YqP KvzoBJRvaH0+Or7UMuL7fXZ1BbemEWJ9AMoRo/9jEZXerPTeekeVlku4KGxQeNEs K0sNKSlCM48/RdGLRqfH =wIFY -----END PGP SIGNATURE-----
Current thread:
- CVE request: VLC / Asterisk Moritz Muehlenhoff (Jul 06)
- Re: CVE request: VLC / Asterisk Kurt Seifried (Jul 06)
- Re: CVE request: Asterisk Kurt Seifried (Jul 06)
- Re: CVE request: Asterisk cve-assign (Jul 06)
- Re: CVE request: Asterisk Matthew Jordan (Jul 06)