oss-sec mailing list archives
Re: CVE request: Wireshark multiple vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 15 Jan 2012 12:49:57 -0700
On 01/12/2012 10:55 PM, Huzaifa Sidhpurwala wrote:
There are 6 file format crashes here. In the interest of vendors, which dont always rebase to the newer version, would it be convenient to split these into 6 CVEs? I doubt some older versions are affected by only some crashers.
I agree in principle, however in practice this is a lot of work (as you well know =). I guess my question/concern would be is who does the research to verify all this, and what if it varies by version (i.e. it is 6 separate issues in an older version but the newer version combined some code into a common library for example so it's only a single issue, but with multiple avenues of attack/etc.). In other words a lot of potential work. -- -- Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE request: Wireshark multiple vulnerabilities Agostino Sarubbo (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 12)
- Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 12)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 15)
- Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 16)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 17)
- Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 19)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 19)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)