Message-ID: <5078265A.3070408@redhat.com>
Date: Fri, 12 Oct 2012 08:16:58 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: libproxy PAC downloading buffer overflows

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/12/2012 08:02 AM, Matthias Weckbecker wrote:
> On Friday 12 October 2012 15:46:47 Kurt Seifried wrote:
>> On 10/12/2012 02:43 AM, Tomas Hoger wrote:
>>> Hi!
>>>
>>> libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
>>>
>>> http://code.google.com/p/libproxy/source/detail?r=853
>>> https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
>>
>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
>>
>>> Upstream announcement also mentions another issue -
>>> CVE-2012-4505. It is related, but different problem that was
>>> found in pre-0.4 versions while investigating if they were
>>> affected by CVE-2012-4504.
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
>>
>> Please use CVE-2012-4521 for this issue.
>
> Wasn't this rather a CVE notification than a CVE request? At least
> it looked like this to me. The announcement mentions two CVE.
>
> Matthias
>

Please REJECT CVE-2012-4521, sorry I literally just woke up and can't
read so good it seems. Mea culpa.

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993