oss-security - CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-Id: <1237985171.3387.36.camel@dhcp-lab-164.englab.brq.redhat.com>
Date: Wed, 25 Mar 2009 13:46:11 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen

Hello Steve,

  could you please allocate new CVE ids for the following issues?

1, zsh Stack-based buffer overflow due improper escaping of the '!' character
   References: 
   https://bugs.launchpad.net/ubuntu/+source/zsh/+bug/333722
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521108
   https://bugzilla.redhat.com/show_bug.cgi?id=492089

2, XFree86-xfs / xorg-x11-xfs Unsafe usage of temporary file
   References:
   https://bugs.launchpad.net/ubuntu/+source/xfs/+bug/299560  
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
   https://bugzilla.novell.com/show_bug.cgi?id=408006
   https://bugzilla.redhat.com/show_bug.cgi?id=492098

3, screen: Unsafe usage of temporary file
   References:
   https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123  
   https://bugzilla.redhat.com/show_bug.cgi?id=492104

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.