oss-sec mailing list archives

Re: CVE request: Two DoS vulneribilities in libextractor

From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 11 Oct 2017 06:45:49 +0200

Hi Leon,

On Wed, Oct 11, 2017 at 11:40:33AM +0800, Leon Zhao wrote:

Hello oss security,

I found two DoS vulneribilities in libextractor,

Affected version
1.4

1. Divide-By-Zero
https://bugzilla.redhat.com/show_bug.cgi?id=1499599
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
Fixed

2. Null Pointer Dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1499600
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
Fixed


As this states explicitly a 'CVE request' on the subject. Please note
that CVEs cannot be requested anymore via the oss-security list,
instead please fill the form at https://cveform.mitre.org/ 

Once you got CVEs assigned, can you please post those assignment
following up here on your original post to have the other members of
this list informed on the assignment.

Thanks for your contribution!

Regards,
Salvatore

Current thread:

CVE request: Two DoS vulneribilities in libextractor Leon Zhao (Oct 10)
- Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso (Oct 10)
- Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso (Oct 12)