Date: Fri, 1 Oct 2010 10:29:50 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: freeradius Requesting CVE names for two flaws fix in freeradius 2.1.10: DoS via certain DHCP requests  https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77  http://secunia.com/advisories/41621  http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279  https://bugzilla.redhat.com/show_bug.cgi?id=639390 crash when processing requests queued for more than 30 seconds  https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35  http://secunia.com/advisories/41621  http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223  https://bugzilla.redhat.com/show_bug.cgi?id=639397 Both issues only affect 2.1.x (1.1.x does not have the affected files or functions). It looks as though the first issue only affected 2.1.9; I'm not yet sure if or how far the second issue may go back. Could two CVE names be assigned to this issue please? Thanks! -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ