Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=367471
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Product: Fedora
Version: f7
Platform: All
URL:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
OS/Version: Linux
Status: NEW
Severity: low
Priority: low
Component: mono
AssignedTo: alexl(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list@redhat.com,paul(a)all-the-
johnsons.co.uk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified vectors."
Patch extracted from Debian's 1.2.2.1-1etch1 patchkit (attached) seems to apply
to 1.2.5.1 in devel with some line offsets, I have done no further analysis.
------- Additional Comments From ville.skytta(a)iki.fi 2007-11-05 16:08 EST -------
Created an attachment (id=248611)
--> (
https://bugzilla.redhat.com/attachment.cgi?id=248611&action=view)
Patch from Debian
--
Configure bugmail:
https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.