oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for Privoxy 3.0.24

From: cve-assign () mitre org
Date: Thu, 21 Jan 2016 22:00:33 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


- Prevent invalid reads in case of corrupt chunk-encoded content.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197


Use CVE-2016-1982 for the issues fixed in this revision: they all seem
closely associated with CWE-130.



- Remove empty Host headers in client requests.
  Previously they would result in invalid reads.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303


Use CVE-2016-1983 for this issue, which seems to be about falsely
concluding that "Host: " is present after a check for only the "Host:"
substring.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWoZpDAAoJEL54rhJi8gl5xdYP/jxEbGcBErFJ8dYGrSlbFB5a
BDCgDl/Jxrsg/c6+dLLmhIWCSaho75yPoH0Y5kdTiPHpqBgGvZTLUpC4Djo7AIov
oYIsV/IsOfmEyldsHD8oHg9AXMm/cob25M2Id9nQzqqwwa32w3FaXY14DPckJoC/
sJnGy77ZO66n0kqSdc6D8E4irqpibzKfpwjfIb4YxcFRHjtEC2qjd4e/msM5ZqjU
eOBa88nip/tYYozeSAAhWdMvtReIghqWFZP9WTg4BuNDk9rVFp2y7mhjkieLvu1A
F1z84RSRgZr7/f7Y17PRBbi+f4/63xBSTFilboj3u2aqTGxtUScKa6Pa2ZZrntaf
0noIpTr/R5QptbQOXDCrGMqMEysId1AD/zSs4qTAFJVOkWt+UYn4LaV7B7A51bSq
BzC/f2A7mc72Gzcq0PLY6ZQV+ROgWRtpouHDiuhrUVPh/s18VREVyI7h5ZDBax9Z
6vZ4O+nPj0ltY33GwkDsACLTteCYW97WI9twM47XTrZgcajwdz+B/DPc7iI6HQNq
15QbuvibVIPlI89wpY+t0kPlRhq+Wt3hLwxTU1kns1KtbfyMvEL3h7frjUI8lQMl
ZwocisN2A5aUMrAXR7ypO+KCvd/MooZC4bCmQ/7vA9D3Ud/DfMzM2Ozdzl7oRuo8
lWNdVM9PB+NWRABUUny1
=XMf+
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: