Message-ID: <20140927160123.GA20819@riva.ucam.org>
Date: Sat, 27 Sep 2014 17:01:23 +0100
From: Colin Watson <cjwatson@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Darren Hiebert <dhiebert@...rs.sourceforge.net>
Subject: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file

Hi,

https://bugs.debian.org/742605 was reported some time ago against the
Debian package of Exuberant Ctags (http://ctags.sourceforge.net/); it's
a CPU/disk denial of service that results from attempting to run ctags
over large volumes of public source code.

Upstream fix, determined by bisection:

  http://sourceforge.net/p/ctags/code/791/

As far as I know this was not identified as a security problem upstream,
just fixed as a normal bug in the course of development. The
sources.debian.net use case turns it into a DoS though. CCing the
upstream author for his information.

Not affected: 5.6
Affected: 5.8 (the latest release)

Since we'd like to issue patches for this bug as security updates,
please could I have a CVE identifier for this?

Thanks,

--
Colin Watson                                       [cjwatson@...ian.org]