From daniel at opensecurityfoundation.org Sat Feb 9 19:36:30 2013
From: daniel at opensecurityfoundation.org (Daniel Moeller)
Date: Sat, 9 Feb 2013 18:36:30 -0700
Subject: [VIM] BID 57333 / 57629 duplicate question.
Message-ID:

http://www.securityfocus.com/bid/57333, VLC Media Player Demuxer Denial of Service Vulnerability, credited to Debasish Mandal, January 15th, 2013.
http://www.securityfocus.com/bid/57629, VLC Media Player ASF File Handling Buffer Overflow Vulnerability, credited to Debasish Mandal, January 30th, 2013.

We can't find any references that suggest these are different vulnerabilities. Based on the information available they seem to be duplicates of the issue described in http://www.videolan.org/security/sa1302.html, which was reported in http://trac.videolan.org/vlc/ticket/8024.

Daniel
OSVDB.org

From vuln at secunia.com Mon Feb 11 03:33:32 2013
From: vuln at secunia.com (Secunia Research)
Date: Mon, 11 Feb 2013 10:33:32 +0100
Subject: [VIM] BID 57333 / 57629 duplicate question.
In-Reply-To:
References:
Message-ID: <00d601ce083a$dbed7220$93c85660$@secunia.com>

Hi Daniel,

Your question pertains to BIDs, which are issued by SecurityFocus and not Secunia. You should contact the moderators / maintainers at SecurityFocus (http://www.securityfocus.com/) for this information.

--
Kind regards,

Chaitanya Sharma
Advisory Team Lead

Secunia,
Mikado House,
Rued Langgaards Vej 8,
2300 Copenhagen S,
Denmark.
http://www.secunia.com
Phone: +45 7020 5144
Fax: +45 7020 5145

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of Daniel Moeller
Sent: Sunday, February 10, 2013 2:37 AM
To: vim at attrition.org
Subject: [VIM] BID 57333 / 57629 duplicate question.

http://www.securityfocus.com/bid/57333, VLC Media Player Demuxer Denial of Service Vulnerability, credited to Debasish Mandal, January 15th, 2013.
http://www.securityfocus.com/bid/57629, VLC Media Player ASF File Handling Buffer Overflow Vulnerability, credited to Debasish Mandal, January 30th, 2013.

We can't find any references that suggest these are different vulnerabilities. Based on the information available they seem to be duplicates of the issue described in http://www.videolan.org/security/sa1302.html, which was reported in http://trac.videolan.org/vlc/ticket/8024.

Daniel
OSVDB.org

From Narayan_Agarwalla at symantec.com Mon Feb 11 07:10:23 2013
From: Narayan_Agarwalla at symantec.com (Narayan Agarwalla)
Date: Mon, 11 Feb 2013 05:10:23 -0800
Subject: [VIM] BID 57333 / 57629 duplicate question.
In-Reply-To: <00d601ce083a$dbed7220$93c85660$@secunia.com>
References: <00d601ce083a$dbed7220$93c85660$@secunia.com>
Message-ID: <96CC6D276D1CC043905F0666B28DA2CB2AA0E95E75@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi,

Retired bid 57629 as a duplicate of BID 57333.

Thanks and Regards,
Narayan

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of Secunia Research
Sent: Monday, February 11, 2013 3:04 PM
To: 'Vulnerability Information Managers'
Cc: Vuln at secunia.com
Subject: Re: [VIM] BID 57333 / 57629 duplicate question.

Hi Daniel,

Your question pertains to BIDs, which are issued by SecurityFocus and not Secunia. You should contact the moderators / maintainers at SecurityFocus (http://www.securityfocus.com/) for this information.

--
Kind regards,

Chaitanya Sharma
Advisory Team Lead

Secunia,
Mikado House,
Rued Langgaards Vej 8,
2300 Copenhagen S,
Denmark.
http://www.secunia.com
Phone: +45 7020 5144
Fax: +45 7020 5145

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of Daniel Moeller
Sent: Sunday, February 10, 2013 2:37 AM
To: vim at attrition.org
Subject: [VIM] BID 57333 / 57629 duplicate question.

http://www.securityfocus.com/bid/57333, VLC Media Player Demuxer Denial of Service Vulnerability, credited to Debasish Mandal, January 15th, 2013.
http://www.securityfocus.com/bid/57629, VLC Media Player ASF File Handling Buffer Overflow Vulnerability, credited to Debasish Mandal, January 30th, 2013.

We can't find any references that suggest these are different vulnerabilities. Based on the information available they seem to be duplicates of the issue described in http://www.videolan.org/security/sa1302.html, which was reported in http://trac.videolan.org/vlc/ticket/8024.

Daniel
OSVDB.org

From daniel at opensecurityfoundation.org Tue Feb 12 19:49:38 2013
From: daniel at opensecurityfoundation.org (Daniel Moeller)
Date: Tue, 12 Feb 2013 18:49:38 -0700
Subject: [VIM] CVE errors in ZDI-13-011 / ZDI-13-012
Message-ID:

http://www.zerodayinitiative.com/advisories/ZDI-13-011/ lists CVE-2013-3213 which doesn't exist according to the CVE entry, and is not part of the Oracle CPU linked to. CVE-2012-3213 does exist in that CPU, and seems to be the intended reference.
http://www.zerodayinitiative.com/advisories/ZDI-13-012/ has the same problem, though the CVE is simply reserved, with CVE-2013-1543 vs CVE-2012-1543.

Daniel
OSVDB.org

From Narayan_Agarwalla at symantec.com Wed Feb 13 09:06:23 2013
From: Narayan_Agarwalla at symantec.com (Narayan Agarwalla)
Date: Wed, 13 Feb 2013 07:06:23 -0800
Subject: [VIM] CVE errors in ZDI-13-011 / ZDI-13-012
In-Reply-To:
References:
Message-ID: <96CC6D276D1CC043905F0666B28DA2CB2AA0E96C29@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi,

Looks like the same error is also present in http://www.zerodayinitiative.com/advisories/ZDI-13-013/ list CVE-2013-1543 which is not a part of the Oracle CPU and they linked it to CVE-2012-1543.

Can you please correct it?

Regards,

Narayan

From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of Daniel Moeller
Sent: Wednesday, February 13, 2013 7:20 AM
To: vim at attrition.org
Cc: zdi-disclosures at tippingpoint.com
Subject: [VIM] CVE errors in ZDI-13-011 / ZDI-13-012

http://www.zerodayinitiative.com/advisories/ZDI-13-011/ lists CVE-2013-3213 which doesn't exist according to the CVE entry, and is not part of the Oracle CPU linked to. CVE-2012-3213 does exist in that CPU, and seems to be the intended reference.
http://www.zerodayinitiative.com/advisories/ZDI-13-012/ has the same problem, though the CVE is simply reserved, with CVE-2013-1543 vs CVE-2012-1543.

Daniel
OSVDB.org

From zdi-disclosures at tippingpoint.com Wed Feb 13 09:35:39 2013
From: zdi-disclosures at tippingpoint.com (ZDI Disclosures)
Date: Wed, 13 Feb 2013 09:35:39 -0600
Subject: [VIM] CVE errors in ZDI-13-011 / ZDI-13-012
In-Reply-To: <96CC6D276D1CC043905F0666B28DA2CB2AA0E96C29@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>
References: <96CC6D276D1CC043905F0666B28DA2CB2AA0E96C29@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>
Message-ID: <511BB2CB.5020606@hp.com>

That issue was called out in Daniel's original mail below and is not a new issue.

We are correcting both issues.

Regards,
The ZDI Team

On 2/13/2013 9:06 AM, Narayan Agarwalla wrote:
>
> Hi,
>
> Looks like the same error is also present in
> http://www.zerodayinitiative.com/advisories/ZDI-13-013/ list
> CVE-2013-1543 which is not a part of the Oracle CPU and they linked it
> to CVE-2012-1543.
>
> Can you please correct it?
>
> Regards,
>
> Narayan
>
> *From:*vim-bounces at attrition.org [mailto:vim-bounces at attrition.org]
> *On Behalf Of *Daniel Moeller
> *Sent:* Wednesday, February 13, 2013 7:20 AM
> *To:* vim at attrition.org
> *Cc:* zdi-disclosures at tippingpoint.com
> *Subject:* [VIM] CVE errors in ZDI-13-011 / ZDI-13-012
>
> http://www.zerodayinitiative.com/advisories/ZDI-13-011/ lists
> CVE-2013-3213 which doesn't exist according to the CVE entry, and is
> not part of the Oracle CPU linked to. CVE-2012-3213 does exist in that
> CPU, and seems to be the intended reference.
> http://www.zerodayinitiative.com/advisories/ZDI-13-012/ has the same
> problem, though the CVE is simply reserved, with CVE-2013-1543 vs
> CVE-2012-1543.
>
> Daniel
> OSVDB.org
>

From zdi-disclosures at tippingpoint.com Wed Feb 13 13:28:33 2013
From: zdi-disclosures at tippingpoint.com (ZDI Disclosures)
Date: Wed, 13 Feb 2013 13:28:33 -0600
Subject: [VIM] CVE errors in ZDI-13-011 / ZDI-13-012
In-Reply-To: <511BB2CB.5020606@hp.com>
References: <96CC6D276D1CC043905F0666B28DA2CB2AA0E96C29@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM> <511BB2CB.5020606@hp.com>
Message-ID: <511BE961.3020302@hp.com>

These issues have been corrected and reflecting appropriately on our published advisories page:

http://www.zerodayinitiative.com/advisories/published/

Regards,
The ZDI Team

On 2/13/2013 9:35 AM, ZDI Disclosures wrote:
> That issue was called out in Daniel's original mail below and is not a
> new issue.
>
> We are correcting both issues.
>
> Regards,
> The ZDI Team
>
> On 2/13/2013 9:06 AM, Narayan Agarwalla wrote:
>>
>> Hi,
>>
>> Looks like the same error is also present in
>> http://www.zerodayinitiative.com/advisories/ZDI-13-013/ list
>> CVE-2013-1543 which is not a part of the Oracle CPU and they linked
>> it to CVE-2012-1543.
>>
>> Can you please correct it?
>>
>> Regards,
>>
>> Narayan
>>
>> *From:*vim-bounces at attrition.org [mailto:vim-bounces at attrition.org]
>> *On Behalf Of *Daniel Moeller
>> *Sent:* Wednesday, February 13, 2013 7:20 AM
>> *To:* vim at attrition.org
>> *Cc:* zdi-disclosures at tippingpoint.com
>> *Subject:* [VIM] CVE errors in ZDI-13-011 / ZDI-13-012
>>
>> http://www.zerodayinitiative.com/advisories/ZDI-13-011/ lists
>> CVE-2013-3213 which doesn't exist according to the CVE entry, and is
>> not part of the Oracle CPU linked to. CVE-2012-3213 does exist in
>> that CPU, and seems to be the intended reference.
>> http://www.zerodayinitiative.com/advisories/ZDI-13-012/ has the same
>> problem, though the CVE is simply reserved, with CVE-2013-1543 vs
>> CVE-2012-1543.
>>
>> Daniel
>> OSVDB.org
>>
>
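
The cross-check reported in the "CVE errors in ZDI-13-011 / ZDI-13-012" thread above can be automated. The following is an added example, not part of the original messages and not any list member's tooling: it compares the CVE IDs cited in an advisory with the CVE list of the vendor bulletin the advisory links to, and flags IDs whose sequence number matches a bulletin entry under a different year. The advisory strings and the bulletin set are constructed sample input, and the function names are hypothetical.

```python
import re

CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,})")

# Constructed sample input: advisory text as it read before correction, and a
# stand-in for the CVE list of the linked vendor bulletin. Only IDs named in
# the thread are used; the bulletin membership is an assumption of this example.
ADVISORIES = {
    "ZDI-13-011": "constructed advisory text, CVE ID: CVE-2013-3213",
    "ZDI-13-012": "constructed advisory text, CVE ID: CVE-2013-1543",
}
BULLETIN = {"CVE-2012-3213", "CVE-2012-1543"}


def extract_cves(text):
    """Return the CVE IDs found in free text, in order, de-duplicated.

    The pattern has no trailing word boundary, so an ID glued to the next
    word by a stripped hyperlink ("CVE-2013-3213which") is still found.
    """
    found = []
    for match in CVE_RE.finditer(text):
        if match.group(0) not in found:
            found.append(match.group(0))
    return found


def check_references(advisory_text, bulletin_cves):
    """Classify each cited CVE ID against the bulletin's CVE list.

    Returns {cited_id: (status, candidates)} where status is "ok",
    "year-mismatch" (same sequence number, different year in the bulletin)
    or "unknown" (nothing in the bulletin resembles it).
    """
    by_sequence = {}
    for cve in bulletin_cves:
        sequence = CVE_RE.fullmatch(cve).group(2)
        by_sequence.setdefault(sequence, []).append(cve)

    report = {}
    for cve in extract_cves(advisory_text):
        if cve in bulletin_cves:
            report[cve] = ("ok", [])
            continue
        sequence = CVE_RE.fullmatch(cve).group(2)
        candidates = sorted(by_sequence.get(sequence, []))
        status = "year-mismatch" if candidates else "unknown"
        report[cve] = (status, candidates)
    return report


if __name__ == "__main__":
    for name, text in ADVISORIES.items():
        print(name, check_references(text, BULLETIN))
```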