Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 6 Mar 2012 21:42:39 +0100

On Tue, 6 Mar 2012 09:31:10 -0500 Andres Gomez wrote:

2012/3/5 Kurt Seifried <kseifried () redhat com>

Would you consider tham to be the same code base or a different code
base? If the same code base, share the CVE, if different code
bases, new CVE for it. Steve: do we have a policy for "Fresh" forks
as it were?

Well, Speed Dreams started with TORCS code base, but they have added
a lot new code, so I would say that right now they have different
code base, although they still share a big portion of the code (as
the vulnerable section).  Because of that I would consider It needs a
new CVE number, could you assign one to it?  :)

Their code bases may differ significantly in other parts, but it seems
the affected vulnerable code is still identical between the two.
Following are versions shortly before fixes got committed:


In cases like this, same CVE is used for all project that use / embed
the same affected code.

Tomas Hoger / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]