oss-sec mailing list archives
Re: CVE request: Two vulnerabilities in Tor
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 24 Mar 2015 00:41:30 -0600
With apologies, I thought they had been unlocked in BZ, did so now (they are public now). On 03/24/2015 12:15 AM, Salvatore Bonaccorso wrote:
Hi all, On Mon, Mar 23, 2015 at 07:13:27PM +0100, Moritz Muehlenhoff wrote:Hi, please assign two CVE IDs for tor: The upstream announcement is here: https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html 1. | Fix a remote denial-of-service opportunity caused by a bug in | OSX's _strlcat_chk() function. Fixes bug 15205; bug first | appeared in OSX 10.9. https://trac.torproject.org/projects/tor/ticket/15205 2. | A relay could crash with an assertion error if a buffer of | exactly the wrong layout was passed to buf_pullup() at exactly the | wrong time. https://trac.torproject.org/projects/tor/ticket/15083 The second issue has been addressed in DSA 3203: https://lists.debian.org/debian-security-announce/2015/msg00088.html (the first obviously not, since it's MacOS-specific)There is anothr one which was fixed in the same versions, and could potentially get a CVE: https://trac.torproject.org/projects/tor/ticket/14129 Regards, Salvatore
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request: Two vulnerabilities in Tor Moritz Muehlenhoff (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor cve-assign (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)