Hi,
On Tue, Jul 23, 2019 at 08:57:49AM -0700, Japheth Cleaver wrote:
Although some of these overflows are not exploitable, others, including an XSS vulnerability are. [... ? CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473, ? CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
Can either you or Graham get a bit more into the details regarding the impact of any of these vulnerabilities ? or point out a posting where they are explained in more detail? So far I wasn't able to dig up any posting or similar, e.g. by the Cambridge CSIRT or Graham.
Currently the severity as well as the actual impact of these issues is quite unclear ? also because the CVE-IDs all still say "RESERVED".
Regards, Axel--
,''. | Axel Beckert <abe at debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin . ' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 - | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE