oss-sec mailing list archives
Re: CVE request: Two vulnerabilities in Tor
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 24 Mar 2015 07:15:59 +0100
Hi all,

On Mon, Mar 23, 2015 at 07:13:27PM +0100, Moritz Muehlenhoff wrote:
> Hi,
> please assign two CVE IDs for tor:
>
> The upstream announcement is here:
> https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
>
> 1.
> | Fix a remote denial-of-service opportunity caused by a bug in
> | OSX's _strlcat_chk() function. Fixes bug 15205; bug first
> | appeared in OSX 10.9.
>
> https://trac.torproject.org/projects/tor/ticket/15205
>
> 2.
> | A relay could crash with an assertion error if a buffer of
> | exactly the wrong layout was passed to buf_pullup() at exactly the
> | wrong time.
>
> https://trac.torproject.org/projects/tor/ticket/15083
>
> The second issue has been addressed in DSA 3203:
> https://lists.debian.org/debian-security-announce/2015/msg00088.html
> (the first obviously not, since it's MacOS-specific)

There is another one which was fixed in the same versions, and could
potentially get a CVE:

https://trac.torproject.org/projects/tor/ticket/14129

Regards,
Salvatore