Steven M. Christey | 1 Dec 2009 02:08

Need more information on recent poppler issues


DSA-1941 lists three reserved CVE entries for Poppler issues, but there
aren't any more details, which makes it difficult to create CVE
descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
CVE-2009-3908 don't have any details as far as I can tell.

Can anybody help?

- Steve

Eugene Teo | 1 Dec 2009 05:56

CVE request: kernel: mac80211: fix two remote exploits

http://git.kernel.org/linus/4253119acf412fd686ef4bd8749b5a4d70ea3a51

"Lennert Buytenhek noticed a remotely triggerable problem in mac80211, 
which is due to some code shuffling I did that ended up changing the 
order in which things were done -- this was in

   commit d75636ef9c1af224f1097941879d5a8db7cd04e5
   Author: Johannes Berg <johannes@...>
   Date:   Tue Feb 10 21:25:53 2009 +0100

     mac80211: RX aggregation: clean up stop session

The problem is that the BUG_ON moved before the various checks, and as 
such can be triggered.

As the comment indicates, the BUG_ON can be removed since the 
ampdu_action callback must already exist when the state is OPERATIONAL.

A similar code path leads to a WARN_ON in ieee80211_stop_tx_ba_session, 
which can also be removed."

Btw, FYI, there's another issue that was also introduced by the same 
code shuffling patch (commit d75636ef) but was fixed in another patch 
(commit 827d42c9). It was assigned CVE-2009-4026.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

(Continue reading)
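The commit message above says the BUG_ON ended up ahead of the per-session checks, so a driver with no ampdu_action callback could hit it on a remotely triggered stop-session path. The following is an added illustration, not kernel code and not from the thread: a hypothetical model of the stop-session handler in both orderings, with BUG_ON replaced by a counter so the difference shows up as a return code rather than a halt.

```c
/* Hypothetical model of the ordering bug discussed in the thread.
 * Structures, names and return codes are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>

enum ba_state { BA_IDLE = 0, BA_OPERATIONAL = 1 };

struct driver_ops {
    /* NULL for a driver without A-MPDU support (no ampdu_action). */
    int (*ampdu_action)(int tid);
};

struct sta { enum ba_state rx_ba_state[8]; };

/* Stand-in for BUG_ON(): records the would-be panic instead of halting. */
static int bug_on_hits;
static int model_bug_on(int cond) { if (cond) bug_on_hits++; return cond; }

enum { STOP_OK = 0, STOP_NO_SESSION = -1, STOP_PANIC = -2 };

/* Before the fix: the assertion runs before the session check, so a
 * stop request for a tid with no session on a driver lacking the
 * callback reaches BUG_ON with a NULL pointer. */
int stop_rx_ba_session_buggy(struct driver_ops *ops, struct sta *s, int tid)
{
    if (model_bug_on(ops->ampdu_action == NULL))
        return STOP_PANIC;            /* the kernel would have panicked */
    if (s->rx_ba_state[tid] != BA_OPERATIONAL)
        return STOP_NO_SESSION;
    return ops->ampdu_action(tid);
}

/* After the fix: the check comes first and the BUG_ON is gone, because an
 * OPERATIONAL session implies the callback existed when it was set up. */
int stop_rx_ba_session_fixed(struct driver_ops *ops, struct sta *s, int tid)
{
    if (s->rx_ba_state[tid] != BA_OPERATIONAL)
        return STOP_NO_SESSION;
    return ops->ampdu_action(tid);
}

static int dummy_action(int tid) { (void)tid; return STOP_OK; }

int main(void)
{
    struct driver_ops no_agg = { NULL };
    struct sta s = {{ BA_IDLE }};
    printf("buggy: %d, fixed: %d, bug_on hits: %d\n",
           stop_rx_ba_session_buggy(&no_agg, &s, 3),
           stop_rx_ba_session_fixed(&no_agg, &s, 3), bug_on_hits);
    return 0;
}
```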

Tomas Hoger | 1 Dec 2009 08:37

Re: Need more information on recent poppler issues

On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey"
<coley@...> wrote:

> 
> DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> aren't any more details, which makes it difficult to create CVE
> descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> CVE-2009-3908 don't have any details as far as I can tell.
> 
> Can anybody help?

They look like typos to me.  That DSA lists 7 CVE-2009-390x CVEs, while
it should probably list CVE-2009-3*6*0x ones.  CVE-2009-390[345] are
public and for unrelated applications.

Changelog seems to list correct ids:

+poppler (0.8.7-3) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2009-3603 to CVE-2009-3609, CVE-2009-0755. Based on patches
+    by Marc Deslauriers
+  * Fix CVE-2009-3938
+
+ -- Moritz Muehlenhoff <jmm@...>  Tue, 24 Nov 2009 21:54:26 +0100

HTH

-- 
Tomas Hoger / Red Hat Security Response Team
(Continue reading)

Marc Deslauriers | 1 Dec 2009 02:52

Re: Need more information on recent poppler issues

On Mon, 2009-11-30 at 20:08 -0500, Steven M. Christey wrote:
> DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> aren't any more details, which makes it difficult to create CVE
> descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> CVE-2009-3908 don't have any details as far as I can tell.
> 
> Can anybody help?

That's supposed to be CVE-2009-3603 to CVE-2009-3609.

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Michael Gilbert | 1 Dec 2009 04:52

Re: Need more information on recent poppler issues

On Mon, 30 Nov 2009 20:08:56 -0500 (EST) Steven M. Christey wrote:

> 
> DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> aren't any more details, which makes it difficult to create CVE
> descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> CVE-2009-3908 don't have any details as far as I can tell.
> 
> Can anybody help?

those appear to be typos in the DSA.  the correct CVEs are
CVE-2009-3606, CVE-2009-3607, CVE-2009-3608, and CVE-2009-3609, which
follow in the CVE-2009-360* series of recent xpdf flaws.  hope this
helps.

best wishes,
mike

Moritz Muehlenhoff | 1 Dec 2009 23:18

Re: Need more information on recent poppler issues

On Tue, Dec 01, 2009 at 08:37:54AM +0100, Tomas Hoger wrote:
> On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey"
> <coley@...> wrote:
> 
> > 
> > DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> > aren't any more details, which makes it difficult to create CVE
> > descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> > CVE-2009-3908 don't have any details as far as I can tell.
> > 
> > Can anybody help?
> 
> They look like typos to me.  That DSA lists 7 CVE-2009-390x CVEs, while
> it should probably list CVE-2009-3*6*0x ones.  CVE-2009-390[345] are
> public and for unrelated applications.

Yes, that is correct (and has been fixed in the Debian Security Tracker
a few days ago: http://security-tracker.debian.org/tracker/source-package/poppler)

I blame it on the new console mouse mode in Emacs 23 which broke copy&paste
from a different tty with GPM ;-) (Disabling gpm-mouse-mode helps, as I
found out later.)

Cheers,
        Moritz

Josh Bressers | 2 Dec 2009 14:40

Re: CVE request: kernel: mac80211: fix two remote exploits


----- "Eugene Teo" <eugeneteo@...> wrote:

> http://git.kernel.org/linus/4253119acf412fd686ef4bd8749b5a4d70ea3a51
> 
> "Lennert Buytenhek noticed a remotely triggerable problem in mac80211,
> which is due to some code shuffling I did that ended up changing the 
> order in which things were done -- this was in
> 
>    commit d75636ef9c1af224f1097941879d5a8db7cd04e5
>    Author: Johannes Berg <johannes@...>
>    Date:   Tue Feb 10 21:25:53 2009 +0100
> 
>      mac80211: RX aggregation: clean up stop session
> 
> The problem is that the BUG_ON moved before the various checks, and as
> such can be triggered.
> 
> As the comment indicates, the BUG_ON can be removed since the 
> ampdu_action callback must already exist when the state is
> OPERATIONAL.
> 
> A similar code path leads to a WARN_ON in
> ieee80211_stop_tx_ba_session, 
> which can also be removed."
> 
> Btw, FYI, there's another issue that was also introduced by the same 
> code shuffling patch (commit d75636ef) but was fixed in another patch
(Continue reading)

Josh Bressers | 2 Dec 2009 15:03

Re: CVE request: Ruby on Rails: CSRF circumvention (from 2008)

----- "Alex Legler" <a3li@...> wrote:
> 
> a little blast from the past, I think this issue does not have a CVE
> yet. If that is true, please assign a -2008 ID.
> 
> http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
> http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
> 

Steve,

Can you give this one a 2008 ID?

Thanks.

-- 
    JB

Eugene Teo | 2 Dec 2009 15:27

Re: CVE request: kernel: mac80211: fix two remote exploits

On 12/02/2009 09:40 PM, Josh Bressers wrote:
>
> ----- "Eugene Teo"<eugeneteo@...>  wrote:
>
>> http://git.kernel.org/linus/4253119acf412fd686ef4bd8749b5a4d70ea3a51
>>
>> "Lennert Buytenhek noticed a remotely triggerable problem in mac80211,
>> which is due to some code shuffling I did that ended up changing the
>> order in which things were done -- this was in
>>
>>     commit d75636ef9c1af224f1097941879d5a8db7cd04e5
>>     Author: Johannes Berg<johannes@...>
>>     Date:   Tue Feb 10 21:25:53 2009 +0100
>>
>>       mac80211: RX aggregation: clean up stop session
>>
>> The problem is that the BUG_ON moved before the various checks, and as
>> such can be triggered.
>>
>> As the comment indicates, the BUG_ON can be removed since the
>> ampdu_action callback must already exist when the state is
>> OPERATIONAL.
>>
>> A similar code path leads to a WARN_ON in
>> ieee80211_stop_tx_ba_session,
>> which can also be removed."
>>
>> Btw, FYI, there's another issue that was also introduced by the same
(Continue reading)

Steven M. Christey | 2 Dec 2009 16:41

Re: CVE request: kernel: mac80211: fix two remote exploits


On Wed, 2 Dec 2009, Eugene Teo wrote:

> Actually, you can ignore this request. So what happened was that, there
> were actually two patches for this, but Johannes combined them together
> when he shared the fix with us. So, this is part of the fixes for
> CVE-2009-4026: upstream commits (1) 4253119a and (2) 827d42c9.

The Red Hat bug report lists both CVE-2009-4026 and CVE-2009-4027 but
doesn't actually link these two CVEs to any specific fix/issue:

  https://bugzilla.redhat.com/show_bug.cgi?id=541149

We associated CVE-2009-4026 with commit
827d42c9ac91ddd728e4f4a31fefb906ef2ceff7, and we associated CVE-2009-4027
with commit d92684e66091c0f0101819619b315b4bb8b5bcc5.

Here is the logic chain that we had to follow in order to perform this
association.

  The History section of 541149 indicates that this "mac80211: fix
  spurious delBA handling" bug was assigned both CVE-2009-4026 and
  CVE-2009-4027 on 20091125. All activity in this bug is by Eugene Teo.
  The fix for the bug is in commit
  827d42c9ac91ddd728e4f4a31fefb906ef2ceff7. As mentioned in
  oss-security/2009/12/01/2, the portion of this bug that was introduced
  by the d75636ef9c1af224f1097941879d5a8db7cd04e5 commit in 2009 is
  CVE-2009-4026. Therefore, the portion of the bug that was introduced by
  the d92684e66091c0f0101819619b315b4bb8b5bcc5 commit in 2008 is
  CVE-2009-4027. The 827d42c9ac91ddd728e4f4a31fefb906ef2ceff7 commit
(Continue reading)
