oss-sec mailing list archives
Re: CVE request: spencer regexp
From: Siddharth Sharma <siddharth () redhat com>
Date: Wed, 11 Mar 2015 08:26:47 -0400 (EDT)
Hi, Is there a CVE which was assigned to this flaw ? Regards, ------------------------------------------- Siddharth Sharma / Red Hat Product Security ----- Original Message ----- From: "Moritz Muehlenhoff" <jmm () debian org> To: oss-security () lists openwall com Cc: cve-assign () mitre org Sent: Monday, February 16, 2015 11:49:15 PM Subject: [oss-security] CVE request: spencer regexp Hi, please assign a CVE ID for this: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ This affects multiple source packages including local copies of the code. However, in many cases the code is only used when building for Android or Windows. Current WIP status for source packages in Debian: https://security-tracker.debian.org/tracker/TEMP-0778389-A8C6F9 Cheers, Moritz
Current thread:
- CVE request: spencer regexp Moritz Muehlenhoff (Feb 16)
- Re: CVE request: spencer regexp Siddharth Sharma (Mar 11)
- Re: CVE request: spencer regexp cve-assign (Mar 11)
- Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
- Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
- Re: Re: CVE request: spencer regexp Alistair Crooks (Mar 12)
- Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
- Re: CVE request: spencer regexp cve-assign (Mar 16)