oss-sec mailing list archives
Re: CVE Request - OpenSLP 2.0 Memory Corruption
From: cve-assign () mitre org
Date: Wed, 28 Sep 2016 13:26:59 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
: : https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/ : Use CVE-2016-7567. Why did this get a 2016 CVE?
Bug 151: Fix memory corruption due to possible overflow in SLPFoldWhiteSpace 2015-12-01
"possible overflow" in the 2015 reference was not interpreted to mean a definitive statement of a security problem, and the defining reference is the http://www.openwall.com/lists/oss-security/2016/09/27/4 posting itself, which occurred in 2016. In other words, either a CVE-2015- number or a CVE-2016- number may have been reasonable but we chose the latter. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX6/yDAAoJEHb/MwWLVhi2gXgQALabK0bQBMvo1WbF4nbg2zDB nJxmBxNLCbIE0EzGimrh/ytHwHO2eBpVxRsHTGBD9gkiKWi6IdlNk6nPqNndwmGf XfNVA/HCAd5LbuvkxOgYtAxTEWfvbvUqty5xtXl8Fr9OzBzO8D3a6IheTRgTqdP0 VhOBUiLi9G/EEuDGIKP1ly5/1UhSWGc83itsjlR/4751EnXPkIX7xkp8QLged5pR YAoxVg66bbmuL5g9PKA+1Vit5MmlookIJ8t6CYcPHoSolmRc4Wfa7WDMxgxZrp63 BkML/2DlFoM/zWP9APLOtlLN+tx2NuQKDv01f7t6zXD4nmZug/kK5CwOSErooM+l e/dga/C4SUzNzH1VHppFYyeZtzBBV7ggsW1d6GUp6OKQaBbd32st+18Qb9qiQ3HA Ina1/a+kiAL7yrSY07Rc06Z1P8KzhQTWK/apEnE/bLdSLtuFmDZtr0u80auLfZvy KOMOa1+UOhome6x8cs+oCMTF5/DxPF2+K1Jyss6uW8tFlfywLsnmkC7KLRSzsqzu KKEyrf5vCuZELF5V6UjYdgELTYcNJZmhjgBk8ReKofJ5AXHW+hRy7EagZnQ+9DX2 K+Y6JubZxBI2Ie/8TZ+ec4Vf23E8xjPiRr7qxSYWxmBvzjNhwaWhgn1FQ0yG/+t3 cYwq0Wg1ktDWw26KYtvm =l+Su -----END PGP SIGNATURE-----
Current thread:
- CVE Request - OpenSLP 2.0 Memory Corruption Reno Robert (Sep 27)
- Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign (Sep 27)
- <Possible follow-ups>
- Re: CVE Request - OpenSLP 2.0 Memory Corruption jericho (Sep 28)
- Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign (Sep 28)