Re: CVE request: billion laughs flaw in ptlib

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/15/2013 10:42 AM, Vincent Danen wrote:
> Ekiga 4.0.1 was released and noted a security fix in ptlib (seems
> to be embedded in Ekiga) for a "billion laughs" style attack.
> Could a CVE be assigned to this?
>
> Thanks.
>
> References: 
> http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available 
> http://opalvoip.svn.sourceforge.net/viewvc/opalvoip?view=revision&revision=28856
>
>  https://bugzilla.redhat.com/show_bug.cgi?id=922177

Please use CVE-2013-1864  for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRQ1UOAAoJEBYNRVNeJnmTyf0P/39DtBbi0eRU77J7vXDbkP/6
gbZC4ivx+76m39lxio57eHrB4QH5pO0d6Ls17POnUWQSqnIn7k6OwBgMIT6XV5Ci
9L/9u1eaNftbdQ3n/sA72sCObWtQvAxaNgL04vuePXjz+RFuhS+Na6CSQPfWAXBa
D0/5Gq4FzsffUL0NZCB7phcdhpibu4be1ujbjSMQodGGd5Zw705SpScHaH2yI0an
nysaFCzojlLJV5pdJS5uTArE8CLXWuy3yhK2UYST0n6T0pjDuDrhFuyZsAap6IMI
8j8R5Z8rm8ChaBaWFp+SoKneFZarj8+ujq4pBuuzFl/Tyqefnv0K/+H5dPzO4zG1
hFBsHIB0sFy/ne/v/VBTZq+crjiUv6XWEnHl9wOoA504rbJZ9luyElSHcn62nBrk
+60JnQM6E0f3SiNsrW29okBfW+Dzl6Vax4uZr1kfpo1B9qxYA1bWKMBGqcifzu1d
+a8qMzLt572H6JiMtljChwWfmnd4occP9M40DFCCllDK2l2DhS7HNSRGLDRs+/g+
ursPDkqIy9AUCKp7ArjrzbEx36o7to8jKbFJXGr6si4a4pFAfvxHIKiSrJrsEHqp
sgDF2WyreeiTlWcgJBzH5jEbFPy3xTsDEhOR5a/QDVAHs7ziUPAyWyCYxXUb9x3J
cWmesGGY5QV3d8wVd7PU
=Mw1G
-----END PGP SIGNATURE-----