oss-sec mailing list archives
CVE id request: tor
From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 12 Sep 2012 14:34:53 +0200
Hi,
from the tor release notes[0]:
Changes in version 0.2.2.39 - 2012-09-11
Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
assertions.
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
- Do not crash when comparing an address with port value 0 to an
address policy. This bug could have been used to cause a remote
assertion failure by or against directory authorities, or to
allow some applications to crash clients. Fixes bug 6690; bugfix
on 0.2.1.10-alpha.
I have not seen CVE ids for these issues.
Can you assign ids for them?
[0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
Attachment:
_bin
Description:
Current thread:
- CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)
- Re: CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)
- Re: CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)