[Bug 367471] New: CVE-2007-5197: mono Math.BigInteger buffer overflow
bugzilla at redhat.com
bugzilla at redhat.com
Mon Nov 5 21:08:43 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=367471
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Product: Fedora
Version: f7
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
OS/Version: Linux
Status: NEW
Severity: low
Priority: low
Component: mono
AssignedTo: alexl at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com,paul at all-the-
johnsons.co.uk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified vectors."
Patch extracted from Debian's 1.2.2.1-1etch1 patchkit (attached) seems to apply
to 1.2.5.1 in devel with some line offsets, I have done no further analysis.
------- Additional Comments From ville.skytta at iki.fi 2007-11-05 16:08 EST -------
Created an attachment (id=248611)
--> (https://bugzilla.redhat.com/attachment.cgi?id=248611&action=view)
Patch from Debian
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-security-list
mailing list