oss-sec mailing list archives
CVE request -- bibtex, pam_ssh
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 01 Apr 2009 14:29:57 +0200
Hello Steve,
could you allocate new CVE ids for the following two issues:
1, bibtex invalid reads/writes when parsing big *.bib file
(valgrind reports suspicious behavior)
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920 (texlive-base-bin)
https://bugzilla.redhat.com/show_bug.cgi?id=492136 (tetex, texlive)
The problem is in bibtex, but looks like it is shipped
in various packages for various vendors.
2, pam_ssh Password prompt varies for existent and non-existent users
References:
http://bugs.gentoo.org/show_bug.cgi?id=263579
https://bugzilla.redhat.com/show_bug.cgi?id=492153
While this is not a problem of pam, pam_ssh is affected.
Also admit this is a very low security issue (affecting
special configurations), but in any case the password
prompt should always be the same. Successfully reproduced.
Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
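
The prompt discrepancy described in issue 2, as an added example that is not part of the original message and is not pam_ssh's code: a prompt chosen from the account lookup beside one that is constant, plus a regression check that compares prompts across user names. The user list, prompt strings and function names are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample account list standing in for the user database. */
static const char *const known_users[] = { "alice", "bob" };

static int user_exists(const char *name) {
    for (size_t i = 0; i < sizeof known_users / sizeof known_users[0]; i++)
        if (strcmp(known_users[i], name) == 0)
            return 1;
    return 0;
}

/* Before: the prompt depends on the lookup result, so the text shown before
 * any secret is typed reveals whether the account exists.
 * Both prompt strings are hypothetical, not taken from pam_ssh. */
const char *prompt_varying(const char *name) {
    return user_exists(name) ? "Key passphrase: " : "Password: ";
}

/* After: the lookup still runs (its result decides the outcome later),
 * but it never influences the prompt text. */
const char *prompt_constant(const char *name, int *exists_out) {
    *exists_out = user_exists(name);
    return "Password: ";
}

typedef const char *(*prompt_fn)(const char *);

static const char *constant_adapter(const char *name) {
    int exists;
    return prompt_constant(name, &exists);
}

/* Regression check: 1 if every name gets a byte-identical prompt, else 0. */
int prompts_identical(prompt_fn fn, const char *const *names, size_t n) {
    for (size_t i = 1; i < n; i++)
        if (strcmp(fn(names[0]), fn(names[i])) != 0)
            return 0;
    return 1;
}

int main(void) {
    const char *const names[] = { "alice", "no-such-user", "bob" };
    printf("varying identical:  %d\n", prompts_identical(prompt_varying, names, 3));
    printf("constant identical: %d\n", prompts_identical(constant_adapter, names, 3));
    return 0;
}
```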
