[VIM] Clarification on xfs CVE's

Steven M. Christey coley at mitre.org
Fri Oct 5 20:49:30 UTC 2007


As of right now, this is my understanding of the CVEs associated with
the xfs issues.  This was a complicated issue pre-disclosure that
didn't get resolved until after some initial announcements.  I hope
it's resolved, anyway :)

  CVE-2007-4989 and CVE-2007-4990 were originally reserved by iDefense
  from me.  CVE-2007-4568 was separately assigned by the Red Hat CNA
  to both build_range and swap_char2b because they were both regarded
  as integer overflows, so I deferred to Red Hat and suggested to
  vendor-sec that CVE-2007-4989 and CVE-2007-4990 should be regarded
  as dupes.  However, subsequent discussion suggested that swap_char2b
  is not an integer overflow, but by the time this conclusion was
  released, CVE-2007-4568 had already been included in several
  disclosures.  So, CVE-2007-4990 was used to handle swap_char2b.

This is why some disclosures only have CVE-2007-4568, and others list
all three CVEs.

At this moment, I have:

CVE-2007-4568 - build_range integer overflow
CVE-2007-4989 - REJECT as dupe of 4568
CVE-2007-4990 - swap_char2b "heap corruption"

- Steve

