Re: CVE request: Two vulnerabilities in Tor

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html

> 2.
> | A relay could crash with an assertion error if a buffer of
> | exactly the wrong layout was passed to buf_pullup() at exactly the
> | wrong time.
>
> https://trac.torproject.org/projects/tor/ticket/15083

Use CVE-2015-2688.


> There is another one which was fixed in the same versions, and could
> potentially get a CVE:
>
> https://trac.torproject.org/projects/tor/ticket/14129

Use CVE-2015-2689.


> 1.
> | Fix a remote denial-of-service opportunity caused by a bug in
> | OSX's _strlcat_chk() function. Fixes bug 15205; bug first
> | appeared in OSX 10.9.
>
> https://trac.torproject.org/projects/tor/ticket/15205

We need to ask Apple whether they are assigning a CVE ID to this as a
vulnerability in their strlcat_chk.c code.
https://trac.torproject.org/projects/tor/ticket/15205#comment:7 says
"A kind soul has filed a bug report with apple. Thanks, Andreas!" --
does anyone know what the Apple bug number is?

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVEamJAAoJEKllVAevmvmsCvYIALISZLgBRHwQLCE3sWk1LnHC
7Eqs6HjxOWuDtW8GDbKFbmhWB1DkiHEtfPfB5r7FHvZBPaEvXcivkRMJZU01J+ek
7965dn95OvwuFbLz8eGssWI11TFev+w72kT0i61WdSCOql6sNnVeN943c3vqWFGh
E60CdqvDLc58qGAhVqLhwWqSFIumNT7MSj6lFLyBsfGl2Kmrmov1f5hESsvuoYux
Hcq7EXWjePo/0wIKcI5GPCh8CIHtGnl4T/VdVfWevz+eRqQ6p3F5z7kCM5dTIqWp
FJgN7KvccbnLXsoTXX1SysdrjH+oapvJo0sIFC/YTxeVCDaTKnbl0o5ef/clLH8=
=ZZmK
-----END PGP SIGNATURE-----