oss-sec mailing list archives
Re: CVE id request: tor
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 12 Sep 2012 19:23:48 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/12/2012 01:40 PM, Nico Golde wrote:
Hi, * Kurt Seifried <kseifried () redhat com> [2012-09-12 19:01]:On 09/12/2012 06:34 AM, Nico Golde wrote:Hi, from the tor release notes[0]: Changes in version 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. o Security fixes: - Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha. I have not seen CVE ids for these issues. Can you assign ids for them? [0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
Can you attach links to the code commits? thanks
I didn't have them when I sent this mail. Should be: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
Cheers Nico
Thanks for the links. Please use CVE-2012-4419 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUTWkAAoJEBYNRVNeJnmT+QUP/RHczOGvPLxgw8PvzX+vihwQ UbtlYK+STddooFRpJUTUDjawjaY/KBKzMt1tus6vQrREZb0g9HDDQVtzgEz2fzXy KTko9atXNGiJZCJ8Q3UrtElL23QhzZco1+76pZso4jSVIOWLR2UWxFUmf7b1obVV OC51cxm8fTkHXYrvACYbmQGcO9tKOkHimJle4O3Kr7togiRVdqSIDotVJy/7PZ8P +PeHRbA7E7Cu/atiDyfY25KvaLZtSL0H/9SwcYUxKQfI83eVqtyciU+7Yr5z8leT Lc7EmUmr7jCUEEhh/sP/8bX2iTEQiHyXDWFkFTddgyJpvTHcJOM2tYWTOrg3gR0K AD/R05vM2l9OLhFoGIbBPCk41ZtXa/zZTkAneFhhPQnmjjT/Qudw1h3YWO877O0C bNAq2r3b+/Hixs9DnK4CeMpuOWqQPkF7Bl6mODSlKz0MadR4rJsofawJ+nG8pnAP Wm9XautufJsDwjhKq9uOjM3E/r/KXLepm3Vr9ERhlU9unEDgrzTd0ycqU68jzFYV vtYB15eN7GOwfMh4YAFq8n+PZxk7fpeiKl3Hk+Q+IAYCYXEEkS+jDoUKyr2IV+J4 JQeMEisOekJ/XT9gbkcewNN69oszO4WolQXXEX3S5wNMbFZ5Fbx4teuXRU1t7HSs L0f2zHBJpw1Zt86rpLj1 =6GNC -----END PGP SIGNATURE-----
Current thread:
- CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)
- Re: CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)
- Re: CVE id request: tor Nico Golde (Sep 12)
- Re: CVE id request: tor Kurt Seifried (Sep 12)