[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?
From:       cve-assign () mitre ! org
Date:       2015-12-31 16:21:59
Message-ID: 20151231162159.3BC0E332057 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> In conv_euctojis() the comparison is with outlen - 3, but each pass
> through the loop uses up to 5 bytes and the rest of the function may
> add another 4 bytes. The comparison should presumably be 
> '<= outlen - 9' or equivalently '< outlen - 8'.

Use CVE-2015-8708 for this additional issue that exists because
of an incomplete fix for CVE-2015-8614.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWhVWsAAoJEL54rhJi8gl583EP/Ar22NETcsAQunMB1xi81oyH
vkto+MAV1mgFL/eKrIoE0Khka+hUdF3N5YBF6GvNR2nV6bDigWurxyWpYZirXMp1
R5+SpbjsRoeqck/l7r9laILvZceudpiZwDcM60YQgwHjrUMRp82b/Xix7orIvctj
QKqaXvGKr4Uqb8ELOgMoewtcf3PtalLaXFwFzmAlbbVV52QTZlESwWXvVzM4Wde4
BM82WAT+mePcYzc4gt7525D0BXaPglBoqW/eOis22Xk0+26J3aU7MjWU2e9DY+mI
xN9UV0qRBUFK1wpmX0NsedzQkE7fFp3J5L1bzlmrVoFjWXEvZRdm8VyF9ql9XcE4
9jH0RKgCh8SWZJxsp1wZ0O7FRWLye2p23Pu+IBl6ZTQBDtfZJhdSpFnvD8b3ozcq
JmOuR00HngwYtPjvcwXSz5Uo80XBw7fY/7FUUVpYPioKqbnfyNT8Yqpf+3O5gAKu
15fRQ7/xxeE5RIM8tuXwI1UdguExWcF5EYijrOBtjnm2TamFhgeeDjhNnx7tpyVG
FmfOf2mHj8i1OooSnnG2xOzz6jeXZDXC+ILqj0P3ba6NK++vg67V/Ol/ps8Bnvm4
Jt1m3Cl9cHwePC7n49dxPBeNL1mY4B5YJEcuD0fsfA3znnG2ySvhdgguvW7+cTii
IlR4SKZFQqONyagYD9Zl
=xxDi
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]