Re: CVE request: Two vulnerabilities in Tor

[Kurt Seifried <kseifried () redhat com>]

With apologies, I thought they had been unlocked in BZ, did so now (they
are public now).

On 03/24/2015 12:15 AM, Salvatore Bonaccorso wrote:
> Hi all,
>
> On Mon, Mar 23, 2015 at 07:13:27PM +0100, Moritz Muehlenhoff wrote:
> > Hi,
> > please assign two CVE IDs for tor:
> >
> > The upstream announcement is here:
> > https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
> >
> > 1.
> > | Fix a remote denial-of-service opportunity caused by a bug in
> > | OSX's _strlcat_chk() function. Fixes bug 15205; bug first
> > | appeared in OSX 10.9.
> >
> > https://trac.torproject.org/projects/tor/ticket/15205
> >
> > 2.
> > | A relay could crash with an assertion error if a buffer of
> > | exactly the wrong layout was passed to buf_pullup() at exactly the
> > | wrong  time.
> >
> > https://trac.torproject.org/projects/tor/ticket/15083
> >
> > The second issue has been addressed in DSA 3203:
> > https://lists.debian.org/debian-security-announce/2015/msg00088.html
> > (the first obviously not, since it's MacOS-specific)
>
> There is anothr one which was fixed in the same versions, and could
> potentially get a CVE:
>
> https://trac.torproject.org/projects/tor/ticket/14129
>
> Regards,
> Salvatore

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature