oss-sec mailing list archives
CVE request: Invalid pointer dereference in the GNOME librest library
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 04 Mar 2015 11:55:06 +0100
The OAuth implementation in librest, a helper library for RESTful services part of the GNOME project, incorrectly truncates the pointer returned by the rest_proxy_call_get_url function call, leading to an application crash, or worse. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644 Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1183982 The security impact was noted in 2015, although the bug was fixed in 2014. -- Florian Weimer / Red Hat Product Security
Current thread:
- CVE request: Invalid pointer dereference in the GNOME librest library Florian Weimer (Mar 04)
- Re: CVE request: Invalid pointer dereference in the GNOME librest library cve-assign (Mar 23)