oss-sec mailing list archives
Re: CVE request: two issues in libmicrohttpd
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 09 Dec 2013 18:02:44 +0100
On 12/09/2013 03:04 AM, Murray McAllister wrote:
> Florian Weimer of the Red Hat Product Security Team discovered two
> issues in libmicrohttpd:
>
> 1) https://bugzilla.redhat.com/show_bug.cgi?id=1039384
> 2) https://bugzilla.redhat.com/show_bug.cgi?id=1039390
>
> References:
> https://gnunet.org/svn/libmicrohttpd/ChangeLog
> http://secunia.com/advisories/55903/
> https://bugs.gentoo.org/show_bug.cgi?id=493450
>
> Can CVEs please be assigned?

There are two more patches I recommend cherry-picking (if you consider the other two worth fixing). All these fixes border on hardening.

------------------------------------------------------------------------
r30927 | grothoff | 2013-11-28 11:05:52 +0100 (Thu, 28 Nov 2013) | 1 line

-handle case that original allocation request was zero
------------------------------------------------------------------------
r30926 | grothoff | 2013-11-28 10:16:38 +0100 (Thu, 28 Nov 2013) | 1 line

-fix theoretical overflow issue reported by Florian Weimer

--
Florian Weimer / Red Hat Product Security Team