oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: Two vulnerabilities in Tor

From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 23 Mar 2015 19:13:27 +0100
Hi,
please assign two CVE IDs for tor:

The upstream announcement is here:
https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html

1.
| Fix a remote denial-of-service opportunity caused by a bug in
| OSX's _strlcat_chk() function. Fixes bug 15205; bug first
| appeared in OSX 10.9.

https://trac.torproject.org/projects/tor/ticket/15205

2.
| A relay could crash with an assertion error if a buffer of
| exactly the wrong layout was passed to buf_pullup() at exactly the
| wrong  time.

https://trac.torproject.org/projects/tor/ticket/15083

The second issue has been addressed in DSA 3203:
https://lists.debian.org/debian-security-announce/2015/msg00088.html
(the first obviously not, since it's MacOS-specific)

Cheers,
        Moritz
Previous By Date Next
Previous By Thread Next

Current thread: