
List:       oss-security
Subject:    [oss-security] Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2012-05-28 8:43:45
Message-ID: 4FC33AC1.5070404 () redhat ! com

Hello Steve, vendors,

previously, the CVE identifier CVE-2012-2391 was assigned to the following issue:
[1] http://www.openwall.com/lists/oss-security/2012/05/23/12
[2] http://www.openwall.com/lists/oss-security/2012/05/23/15

Today, when checking the new CVE mail, I noticed CVE-2012-2942 as well:

======================================================
Name: CVE-2012-2942
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2942
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20120527
Category:
Reference: CONFIRM:http://haproxy.1wt.eu/#news
Reference: CONFIRM:http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
Reference: CONFIRM:http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
Reference: BID:53647
Reference: URL:http://www.securityfocus.com/bid/53647
Reference: SECUNIA:49261
Reference: URL:http://secunia.com/advisories/49261
Reference: XF:haproxy-trash-bo(75777)
Reference: URL:http://xforce.iss.net/xforce/xfdb/75777

Buffer overflow in the trash buffer in the header capture
functionality in HAProxy before 1.4.21, when global.tune.bufsize is
set to a value greater than the default and header rewriting is
enabled, allows remote attackers to cause a denial of service and
possibly execute arbitrary code via unspecified vectors.


Both of these are referring to the same issue.

Steve, CVE-assign could you clarify which CVE id should be kept and
which one should be rejected as duplicate?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team