oss-sec mailing list archives
CVE Requests: Multiple security flaws in csound5
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Mon, 16 Apr 2012 10:58:39 +0530
Hi Folks,

Multiple security flaws were reported in csound5, details below. Can CVE ids please be assigned to these issues?

1. Integer overflow leading to buffer overflow in pv_import
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=810802
http://secunia.com/secunia_research/2012-7/

There seem to be two patches for this issue. The earlier fix was incomplete and a second patch had to be applied later.

2. Integer overflow leading to buffer overflow in lpc_import
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=810807
http://secunia.com/secunia_research/2012-6/

Though the commit date does not match up with the date described in the secunia advisory, this is the only commit which seems to match the flaw description.

3. Stack-based buffer overflow in lpc_import
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=810810
http://secunia.com/secunia_research/2012-4/

John, can you please review the patches and let us know if they are correct?

Thanks!

--
Huzaifa Sidhpurwala / Red Hat Security Response Team