oss-sec mailing list archives
CVE request: three issues in libksba
From: Martin Prpic <mprpic () redhat com>
Date: Fri, 29 Apr 2016 16:24:52 +0200
Hi, Can CVEs please be assigned to these three issues (unless they've already been assigned and I failed to find them): Denial of Service due to stack overflow in src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a Integer overflow in the BER decoder src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887 Integer overflow in the DN decoder src/dn.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 A Gentoo advisory lists them as being fixed in version 1.3.3 and higher: https://lwn.net/Alerts/685271/ Thank you! -- Martin Prpič / Red Hat Product Security
Current thread:
- CVE request: three issues in libksba Martin Prpic (Apr 29)
- Re: CVE request: three issues in libksba cve-assign (Apr 29)
- Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
- Re: CVE request: three issues in libksba cve-assign (May 10)
- Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
- Re: CVE request: three issues in libksba cve-assign (Apr 29)