oss-sec mailing list archives

Re: CVE request: Wireshark multiple vulnerabilities


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 17 Jan 2012 13:16:38 +0530

On 01/16/2012 01:19 AM, Kurt Seifried wrote:

> I agree in principle, however in practice this is a lot of work (as you
> well know =). I guess my question/concern would be who does the
> research to verify all this, and what if it varies by version (i.e. it
> is 6 separate issues in an older version but the newer version combined
> some code into a common library for example so it's only a single issue,
> but with multiple avenues of attack/etc.). In other words a lot of
> potential work.


I did some research, with details available at:
https://bugzilla.redhat.com/show_bug.cgi?id=773726#c2 and
https://bugzilla.redhat.com/show_bug.cgi?id=773726#c3

In my opinion only 1 and 2 (i.e. ws bug 6663 and ws bug 6670) should be
allocated a CVE.

Others are application crashes.




--
Huzaifa Sidhpurwala / Red Hat Security Response Team

