Date: Tue, 14 Jun 2011 22:50:32 +0200 From: Wouter Coekaerts <wouter@...kaerts.be> To: oss-security@...ts.openwall.com Cc: Yann Kerherve <yann.kerherve@...il.com>, Matthew Wild <matthew@...sody.im> Subject: CVE Request: prosody DoS, djabberd external entity injection Hi, As far as I know, there's no CVE for these ones yet. Could you assign one? * prosody billion laughs DoS: http://blog.prosody.im/prosody-0-8-1-released/ * djabberd external entity injection: http://groups.google.com/group/djabberd/browse_thread/thread/47974331c37e54c5# Btw, a blog post about these and the other recent jabber billion laughs vulnerabilities: http://wouter.coekaerts.be/2011/jabber-dos Regards, Wouter.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ