Bug 114310

Summary: CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Product: [Fedora] Fedora
Reporter: Mark J. Cox <mjc>
Component: pwlib
Assignee: Alexander Larsson <alexl>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: 1
CC: leonard-rh-bugzilla
Keywords: Security
Hardware: All
OS: Linux
URL: http://www.postincrement.com/openh323/nissc_vulnerabilty.html
Doc Type: Bug Fix
Last Closed: 2004-03-15 11:37:14 UTC

Description Mark J. Cox 2004-01-26 15:15:02 UTC
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.

"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines." 

Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6

CVE applied for (should be one name)

Comment 1 Alexander Larsson 2004-01-27 11:06:03 UTC
I think this requires changes that are slightly different than the
ones the RHL9/AS needed, since it's a slightly later version. Maybe we
should upgrade to the fixed version?


Comment 2 Mark J. Cox 2004-02-17 13:36:07 UTC
*** Bug 115563 has been marked as a duplicate of this bug. ***

Comment 3 Leonard den Ottolander 2004-02-17 20:55:42 UTC
As the patch from RHL 9 applies cleanly and the fix you applied seems
correct I don't see any reason to change the patch for use with FC1.
1.4.7 and 1.5.0 don't appear that much different at first sight.


Comment 4 Alexander Larsson 2004-02-20 12:06:30 UTC
The test-update is out.