[Bug 1116887] New: VUL-1: CVE-2018-19387: tmux: format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service
http://bugzilla.opensuse.org/show_bug.cgi?id=1116887 Bug ID: 1116887 Summary: VUL-1: CVE-2018-19387: tmux: format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/219484/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: nemysis@openSUSE.org Reporter: kbabioch@suse.com QA Contact: security-team@suse.de CC: mimi.vx@gmail.com Found By: Security Response Team Blocker: --- CVE-2018-19387 format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19387 http://www.cvedetails.com/cve/CVE-2018-19387/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19387 https://github.com/tmux/tmux/issues/1547 https://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d75... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1116887 http://bugzilla.opensuse.org/show_bug.cgi?id=1116887#c2 Ondřej Súkup <osukup@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |osukup@suse.com Resolution|--- |FIXED --- Comment #2 from Ondřej Súkup <osukup@suse.com> --- SR and MR on way to Factory and Leap 15.0 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1116887 http://bugzilla.opensuse.org/show_bug.cgi?id=1116887#c4 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |astieger@suse.com, | |nemysis@openSUSE.org Resolution|FIXED |--- Assignee|nemysis@openSUSE.org |security-team@suse.de --- Comment #4 from Andreas Stieger <astieger@suse.com> --- re-assigning to security -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1116887 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |IN_PROGRESS -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1116887 http://bugzilla.opensuse.org/show_bug.cgi?id=1116887#c5 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |WONTFIX --- Comment #5 from Andreas Stieger <astieger@suse.com> --- CVE was rejected https://github.com/tmux/tmux/issues/1547#issuecomment-441228660 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1116887 http://bugzilla.opensuse.org/show_bug.cgi?id=1116887#c9 --- Comment #9 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1116887) was mentioned in https://build.opensuse.org/request/show/991295 Backports:SLE-15-SP4 / tmux -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com