[Bug 367471] New: CVE-2007-5197: mono Math.BigInteger buffer overflow

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/show_bug.cgi?id=367471

           Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
           Product: Fedora
           Version: f7
          Platform: All
               URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: low
         Component: mono
        AssignedTo: alexl at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com,paul at all-the-
                    johnsons.co.uk


http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197

"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified vectors."

Patch extracted from Debian's 1.2.2.1-1etch1 patchkit (attached) seems to apply
to 1.2.5.1 in devel with some line offsets, I have done no further analysis.

------- Additional Comments From ville.skytta at iki.fi  2007-11-05 16:08 EST -------
Created an attachment (id=248611)
 --> (https://bugzilla.redhat.com/attachment.cgi?id=248611&action=view)
Patch from Debian


-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.