oss-sec mailing list archives

CVE request: mwlib < 0.13.5 DoS flaw


From: Vincent Danen <vdanen () redhat com>
Date: Mon, 5 Mar 2012 10:06:35 -0700

Could a CVE be assigned to the following please?

It was reported that mwlib suffered from a flaw that could allow a
remote attacker to perform a denial of service attack on a mwlib
installation by forcing it to parse a specially-crafted #iferror magic
function.  This has been corrected in upstream version 0.13.5.

References:

http://groups.google.com/group/mwlib/browse_thread/thread/c2bd1cee77a8a79?hl=en
http://www.google.com/url?sa=D&q=https://github.com/pediapress/mwlib/pull/10&usg=AFQjCNHgoXQUYFtEj0L8VP5K8Xn_GoTOyw
https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde
https://bugzilla.redhat.com/show_bug.cgi?id=800064

--
Vincent Danen / Red Hat Security Response Team
