oss-sec mailing list archives
Re: Re: CVE Request - roundcubemail
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 17 Dec 2008 13:30:11 +0100
On Tue, 2008-12-16 at 20:31 -0500, Steven M. Christey wrote:
On Sat, 13 Dec 2008, Florian Weimer wrote:* Ingrid wrote:Therefore, I agree with Raphael that the issue has not been found yet.The general issue of /e in preg_replace is covered by CWE-624 Executable Regular Expression Error (http://cwe.mitre.org/data/definitions/624.html) which has a couple other CVE examples. I bet there's a chunk of these in various applications. I believe Perl has similar functionality.
Use CVE-2008-5619 for the issue. Note there's a separate DoS issue, CVE-2008-5620.
Steve, thanks for pointing this out! Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request - roundcubemail Jan Lieskovsky (Dec 12)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 16)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 17)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 17)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 24)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 28)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 15)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 15)
- Re: Re: CVE Request - roundcubemail Christian Hoffmann (Dec 15)
- Re: Re: CVE Request - roundcubemail Raphael Geissert (Dec 16)