oss-sec mailing list archives
Re: CVE request: Two vulnerabilities in Tor
From: cve-assign () mitre org
Date: Tue, 24 Mar 2015 14:17:00 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
2. | A relay could crash with an assertion error if a buffer of | exactly the wrong layout was passed to buf_pullup() at exactly the | wrong time. https://trac.torproject.org/projects/tor/ticket/15083
Use CVE-2015-2688.
There is another one which was fixed in the same versions, and could potentially get a CVE: https://trac.torproject.org/projects/tor/ticket/14129
Use CVE-2015-2689.
1. | Fix a remote denial-of-service opportunity caused by a bug in | OSX's _strlcat_chk() function. Fixes bug 15205; bug first | appeared in OSX 10.9. https://trac.torproject.org/projects/tor/ticket/15205
We need to ask Apple whether they are assigning a CVE ID to this as a vulnerability in their strlcat_chk.c code. https://trac.torproject.org/projects/tor/ticket/15205#comment:7 says "A kind soul has filed a bug report with apple. Thanks, Andreas!" -- does anyone know what the Apple bug number is? - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVEamJAAoJEKllVAevmvmsCvYIALISZLgBRHwQLCE3sWk1LnHC 7Eqs6HjxOWuDtW8GDbKFbmhWB1DkiHEtfPfB5r7FHvZBPaEvXcivkRMJZU01J+ek 7965dn95OvwuFbLz8eGssWI11TFev+w72kT0i61WdSCOql6sNnVeN943c3vqWFGh E60CdqvDLc58qGAhVqLhwWqSFIumNT7MSj6lFLyBsfGl2Kmrmov1f5hESsvuoYux Hcq7EXWjePo/0wIKcI5GPCh8CIHtGnl4T/VdVfWevz+eRqQ6p3F5z7kCM5dTIqWp FJgN7KvccbnLXsoTXX1SysdrjH+oapvJo0sIFC/YTxeVCDaTKnbl0o5ef/clLH8= =ZZmK -----END PGP SIGNATURE-----
Current thread:
- CVE request: Two vulnerabilities in Tor Moritz Muehlenhoff (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor cve-assign (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)