oss-sec mailing list archives
CVE request -- bibtex, pam_ssh
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 01 Apr 2009 14:29:57 +0200

Hello Steve,

could you allocate new CVE ids for the following two issues:

1, bibtex invalid reads/writes when parsing big *.bib file
   (valgrind reports suspicious behavior)

   References:
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920 (texlive-base-bin)
   https://bugzilla.redhat.com/show_bug.cgi?id=492136 (tetex, texlive)

   The problem is in bibtex, but looks like it is shipped in various
   packages for various vendors.

2, pam_ssh Password prompt varies for existent and non-existent users

   References:
   http://bugs.gentoo.org/show_bug.cgi?id=263579
   https://bugzilla.redhat.com/show_bug.cgi?id=492153

   While this is not problem of pam, pam_ssh is affected. Also admit
   this is a very low security issue (affecting special configurations),
   but in any case the password prompt should be always the same.
   Successfully reproduced.

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team