[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due impro
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-06-15 19:57:27
Message-ID: 4FDB93A7.2050308 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/15/2012 11:59 AM, Stefan Cornelius wrote:
> On 05/22/2012 07:39 PM, Kurt Seifried wrote:
>>> B) vte issue: =============
>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5
>
>>> there is similar issue in vte too (Gnome bug private for now):
>>> https://bugzilla.gnome.org/show_bug.cgi?id=676090
>
>>> Cc-ed Behdad Esfahbod on this post to clarify, what are the
>>> upstream plans regarding this report in vte and if the CVE id
>>> has been already assigned for it.
>
>> Will wait for confirmation.
>
>
> Hi,
>
> I think http://www.openwall.com/lists/oss-security/2012/05/23/6 is
> a reasonable confirmation. Additionally, upstream fixed this in
> 0.32.2:
> http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news
>
> In case you agree that all requirements are fulfilled, could you
> please assign a CVE to the B) part?
>
> Thanks in advance and kind regards,
Please use CVE-2012-2738 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJP25OnAAoJEBYNRVNeJnmTfRAQAKhtUxuCxr9qGvssp2dsF7+h
eKMGKwEiQfof8CSZJYh6TBVA1ywb0RbIBK8te6pRN7HFBSTQYttrwiVXtfNStXLQ
V5+5/IE6oCwtBduVlGpITnnzCMn5BjHvXGbrzQacAQdeaBaOfHgLP+oBXZmrqrkO
Hj/eIsFBwAyY0ETC/FrEuZFAf544bE3P2Az8dn8qWRS3jrIisVAZHlbvjHoTzy/W
ALJ2JPbuMQC+dlS9AyRwFr9b3q0D9E8pe03HxDUCTCltjizgsSDx+wNO1HeDSpAD
XBShdMrnXPddznjVQi2Kx3dY23upa+595Qq2lAOVun9bq/BBQDw0Xj2XjuO0olS5
n/rPoT4QK6wyX+KGM4tCDQWa3d3BCv3HvaDqYp1DVJhdS3AzU/lml4JCiuif0i3H
gB8Sa0ybK78WbUDU9+C1OacpZBMbsyCDunQ/YPLwERwVn7QqJvXrvx6sQjzNI77e
BuLGM3JZFQhOYyCemUsdkNRK7ocf2eGWQQi2mybKwmy4ph48WLhY1PIRLqhqZjUw
T/i6xeaY4G30h/p6A9Cecb/Teormse8yhUY3s0EJ/3Hxc09cfrNo0hsaRDr7haEm
/OJzH635LqUwndsXyO6qMRK3I7rY5JS0ztSEGbSlAo2iTrBDfjBxMjkpt2STBqZH
V9Cldd7gAN5PADYDzdiz
=b9Af
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic