oss-sec mailing list archives
Re: CVE request: lcms 1.x buffer overflows
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 22 Aug 2013 00:25:51 -0600
On 08/21/2013 02:52 PM, Thijs Kinkhorst wrote:
> On Wed, August 21, 2013 22:20, Kurt Seifried wrote:
>> On 08/05/2013 06:49 AM, Raphael Geissert wrote:
>>> On 5 August 2013 07:25, Thijs Kinkhorst <thijs () debian org> wrote:
>>>> Buffer overflows have been reported in Little CMS 1.x:
>>>> http://bugs.debian.org/718682
>>>
>>> Just a quick note: one of the affected parts of the code is a sample
>>> and the other is the tiffdiff(1) tool, where the buffer overflow is
>>> triggered by the file names passed as arguments.
>>>
>>> Cheers,
>>
>> can you post the filenames/affected code? thanks.
>
> You can find it in this patch:
> https://bugzilla.redhat.com/attachment.cgi?id=783274
> linked from:
> https://bugzilla.redhat.com/show_bug.cgi?id=991757

Ahhh sigh. One note: if anyone sees security related flaws in our BZ not marked as such please set the "Security" keyword and SRT will get magically notified and we'll take a look at it.

Please use CVE-2013-4276 for this issue.

> Cheers,
> Thijs
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993