Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-23 Thread NOKUBI Takatsugu
I wrote a DSA draft, check it please. BTW, JVN's workaround is not correct. There is also the same problem in ChaSen 2.3.3. -- DSA--1 chasen -- buffer overflow Affected Packages: libchasen2 libchasen-dev libtext-chasen-perl Vulnerable: Yes Security database references: In Mitre's CVE dict

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-23 Thread NOKUBI Takatsugu
Sorry, the previous patch was wrong, here is the second patch. BTW, the security issue comes from a fixed-length string buffer (CHA_INPUT_SIZE = 8192) and the input string will be longer than 8192 bytes in some situations. The patch is for chasen_sparse_str() function, and the function works almost same

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-23 Thread NOKUBI Takatsugu
At Tue, 22 Nov 2011 21:16:14 +0100, Moritz Mühlenhoff wrote: > > > JPCERT disclosed an unspecified buffer overflow vulnerability in > > > ChaSen: > > > > > > > > > > > > Apparently, upstream will not provide patches. Would you be willing > > > to work

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-23 Thread Hideki Yamane
Hi, On Tue, 22 Nov 2011 21:16:14 +0100 Moritz Mühlenhoff wrote: > Any results yet? We've got a report from JPCERT and Nokubi-san made a patch for it and sent it to them. Should it be reviewed by security-team before disclosing it? -- Regards, Hideki Yamane henrich @ debian.or.jp/org ht

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-22 Thread Moritz Mühlenhoff
On Mon, Nov 14, 2011 at 10:01:41PM +0900, Hideki Yamane wrote: > Hi, > > On Thu, 10 Nov 2011 20:18:15 +0100 > Florian Weimer wrote: > > JPCERT disclosed an unspecified buffer overflow vulnerability in > > ChaSen: > > > > > > > > Apparently, upstream

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-14 Thread Hideki Yamane
Hi, On Thu, 10 Nov 2011 20:18:15 +0100 Florian Weimer wrote: > JPCERT disclosed an unspecified buffer overflow vulnerability in > ChaSen: > > > > Apparently, upstream will not provide patches. Would you be willing > to work on this issue if we can o

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-10 Thread Florian Weimer
Package: libchasen2 Version: 2.4.4-16 Severity: grave Tags: security JPCERT disclosed an unspecified buffer overflow vulnerability in ChaSen: Apparently, upstream will not provide patches. Would you be willing to work on this issue if we can obtain f