oss-sec mailing list archives
CVE request: Two vulnerabilities in Tor
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 23 Mar 2015 19:13:27 +0100
Hi, please assign two CVE IDs for tor: The upstream announcement is here: https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html 1. | Fix a remote denial-of-service opportunity caused by a bug in | OSX's _strlcat_chk() function. Fixes bug 15205; bug first | appeared in OSX 10.9. https://trac.torproject.org/projects/tor/ticket/15205 2. | A relay could crash with an assertion error if a buffer of | exactly the wrong layout was passed to buf_pullup() at exactly the | wrong time. https://trac.torproject.org/projects/tor/ticket/15083 The second issue has been addressed in DSA 3203: https://lists.debian.org/debian-security-announce/2015/msg00088.html (the first obviously not, since it's MacOS-specific) Cheers, Moritz
Current thread:
- CVE request: Two vulnerabilities in Tor Moritz Muehlenhoff (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor cve-assign (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)