[Secure-testing-commits] r55611 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Sep 9 15:36:59 UTC 2017
Author: carnil
Date: 2017-09-09 15:36:59 +0000 (Sat, 09 Sep 2017)
New Revision: 55611
Modified:
data/CVE/list
Log:
Clarify libbson notes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-09 15:20:15 UTC (rev 55610)
+++ data/CVE/list 2017-09-09 15:36:59 UTC (rev 55611)
@@ -12,10 +12,10 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
- NOTE: Issue possibly introduced only with https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
- NOTE: which introduces UTF-8 validation during JSON encoding.
- NOTE: Only after that the utf8_len=4294967295 as shown with the POC
- NOTE: is passed to bson_utf8_validate via src/bson/bson-iter.c:2069
+ NOTE: Latest https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
+ NOTE: uncovers the issue, which introduces UTF-8 validation during JSON encoding.
+ NOTE: Only after that the utf8_len=4294967295 as shown with the POC is passed to
+ NOTE: bson_utf8_validate via src/bson/bson-iter.c:2069
CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
- libwpd <unfixed>
NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
More information about the Secure-testing-commits
mailing list