Bug 114310 - CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Summary: CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pwlib
Version: 1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Alexander Larsson
QA Contact:
URL: http://www.postincrement.com/openh323...
Whiteboard:
: 115563 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-01-26 15:15 UTC by Mark J. Cox
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-03-15 11:37:14 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Mark J. Cox 2004-01-26 15:15:02 UTC 
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.

"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines." 

Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6

CVE applied for (should be one name)
Comment 1 Alexander Larsson 2004-01-27 11:06:03 UTC 
I think this requires changes that are slightly different than the
ones the RHL9/AS needed, since its a slightly later version. Maybe we
should upgrade to the fixed version?
Comment 2 Mark J. Cox 2004-02-17 13:36:07 UTC 
*** Bug 115563 has been marked as a duplicate of this bug. ***
Comment 3 Leonard den Ottolander 2004-02-17 20:55:42 UTC 
As the patch from RHL 9 applies cleanly and the fix you applied seems
correct I don't see any reason to change the patch for use with FC1.
1.4.7 and 1.5.0 don't appear that much different at first sight.
Comment 4 Alexander Larsson 2004-02-20 12:06:30 UTC 
the test-update is out
Note You need to log in before you can comment on or make changes to this bug.