'Re: [oss-security] CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due impro'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due impro
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-06-15 19:57:27
Message-ID: 4FDB93A7.2050308 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/15/2012 11:59 AM, Stefan Cornelius wrote:
> On 05/22/2012 07:39 PM, Kurt Seifried wrote:
>>> B) vte issue: ============= 
>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5
> 
>>> there is similar issue in vte too (Gnome bug private for now):
>>>  https://bugzilla.gnome.org/show_bug.cgi?id=676090
> 
>>> Cc-ed Behdad Esfahbod on this post to clarify, what are the 
>>> upstream plans regarding this report in vte and if the CVE id
>>> has been already assigned for it.
> 
>> Will wait for confirmation.
> 
> 
> Hi,
> 
> I think http://www.openwall.com/lists/oss-security/2012/05/23/6 is
> a reasonable confirmation. Additionally, upstream fixed this in
> 0.32.2: 
> http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news
> 
> In case you agree that all requirements are fulfilled, could you
> please assign a CVE to the B) part?
> 
> Thanks in advance and kind regards,

Please use CVE-2012-2738 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP25OnAAoJEBYNRVNeJnmTfRAQAKhtUxuCxr9qGvssp2dsF7+h
eKMGKwEiQfof8CSZJYh6TBVA1ywb0RbIBK8te6pRN7HFBSTQYttrwiVXtfNStXLQ
V5+5/IE6oCwtBduVlGpITnnzCMn5BjHvXGbrzQacAQdeaBaOfHgLP+oBXZmrqrkO
Hj/eIsFBwAyY0ETC/FrEuZFAf544bE3P2Az8dn8qWRS3jrIisVAZHlbvjHoTzy/W
ALJ2JPbuMQC+dlS9AyRwFr9b3q0D9E8pe03HxDUCTCltjizgsSDx+wNO1HeDSpAD
XBShdMrnXPddznjVQi2Kx3dY23upa+595Qq2lAOVun9bq/BBQDw0Xj2XjuO0olS5
n/rPoT4QK6wyX+KGM4tCDQWa3d3BCv3HvaDqYp1DVJhdS3AzU/lml4JCiuif0i3H
gB8Sa0ybK78WbUDU9+C1OacpZBMbsyCDunQ/YPLwERwVn7QqJvXrvx6sQjzNI77e
BuLGM3JZFQhOYyCemUsdkNRK7ocf2eGWQQi2mybKwmy4ph48WLhY1PIRLqhqZjUw
T/i6xeaY4G30h/p6A9Cecb/Teormse8yhUY3s0EJ/3Hxc09cfrNo0hsaRDr7haEm
/OJzH635LqUwndsXyO6qMRK3I7rY5JS0ztSEGbSlAo2iTrBDfjBxMjkpt2STBqZH
V9Cldd7gAN5PADYDzdiz
=b9Af
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic