[oss-security] CVE request for wireshark flaws

Can I get CVEs assigned to the following wireshark flaws?

1) An uninitialized variable in the CSN.1 dissector could cause a crash.

Affects: 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
https://bugzilla.redhat.com/show_bug.cgi?id=750643

2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
the Infiniband dissector could dereference a NULL pointer.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645

3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
https://bugzilla.redhat.com/show_bug.cgi?id=750648

-- Vincent Danen / Red Hat Security Response Team

• This message: [ Message body ]
• Next message: Vincent Danen: "Re: [oss-security] CVE request for Django-piston and Tastypie"
• Previous message: Kurt Seifried: "Re: [oss-security] CVE request for Django-piston and Tastypie"
• Next in thread: Kurt Seifried: "Re: [oss-security] CVE request for wireshark flaws"
• Reply: Kurt Seifried: "Re: [oss-security] CVE request for wireshark flaws"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]