oss-sec mailing list archives
Re: CVE id request: tor
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 12 Sep 2012 11:01:09 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/12/2012 06:34 AM, Nico Golde wrote:
Hi, from the tor release notes[0]: Changes in version 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. o Security fixes: - Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha. I have not seen CVE ids for these issues. Can you assign ids for them? [0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes Kind regards Nico
Can you attach links to the code commits? thanks - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUL/VAAoJEBYNRVNeJnmThS4QAJPaR7hTDD8WRK1TJRnFe0at cOkJu7JhHNpzPzzTsEufE3taeowOapQVOjZXDkATWjS5zZqOvvtPmIH+zJISLEp8 YSACD81eNQzwuvebR8puU+noIC+CJy1TvRtUQq2dYJj0wOkdJ3Iw+FyR9X6B0Bbe viXf/hn4Dy++F2iyM0m6kbjKLlvKzmvYgXFYRegWDZ2sf+32tMiXXl63zC/xx6uN NBjtEo5Oo2x2sWYPGu8q+49kvNuYK3T3q+Y5OY+IOCdVv4lwXWDFeBwQo7LxrYV/ ASF90E7A6Y8sAa+WqzT2hDdwXM3i2ksPYE6zfXbVk2dlK8LDKje51lL/kV0MP+OW gMxwmI5LkvR8K6LHl3XxxLrRio2KVuIybvd8wszx1u4e7iaxNY/P/G3fLj25x0MC Gx5Zid7R2TiP5CpvpGLi6zyQ/WhX+DytCLqYa4M1HHfEUAZAcxjAyCmPX3+4CMSb b4y4MSYCft343PbzQSaRP5O/zCYxUsgQGpJGFQkhYNa8ePP0LoUX94P3eeXCcwSN XXgUhVPLJi8309HZT7lMSEWSH3rwN2sjZkNBXT2a7bTadFQspQLXK7W9caAl+H0P KhW9uuHb3g6UWo6UfHJtlOmL912VyKYwha4lQhO9bDvh5jKL41bD52POWSlDCSIh FFLWi8oRa49isnXVBlqF =RPjF -----END PGP SIGNATURE-----
Current thread:
- CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)
- Re: CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)
- Re: CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)