Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189
From: Andres Gomez <agomez () fluidsignal com>
Date: Fri, 9 Mar 2012 09:13:26 -0500

2012/3/6 Tomas Hoger <thoger () redhat com>


Their code bases may differ significantly in other parts, but it seems
the affected vulnerable code is still identical between the two.
Following are versions shortly before fixes got committed:


http://torcs.cvs.sourceforge.net/viewvc/torcs/torcs/torcs/src/modules/graphic/ssggraph/grsound.cpp?revision=1.31.2.2&view=markup

http://speed-dreams.svn.sourceforge.net/viewvc/speed-dreams/trunk/src/modules/graphic/ssggraph/grsound.cpp?revision=4146&view=markup

In cases like this, same CVE is used for all project that use / embed
the same affected code.


 Ok, understood, thanks.



Write up the description and send it to Mitre =).

  I already did, I sent details but they have not disclosed them in web
page http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1189, maybe i
used a wrong email address (cve-assign () mitre org).



 So, what Mitre's email could I send CVE-2012-1189 details?

Regards

Andres Gomez

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]