Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Jun 2011 22:50:32 +0200
From: Wouter Coekaerts <wouter@...kaerts.be>
To: oss-security@...ts.openwall.com
Cc: Yann Kerherve <yann.kerherve@...il.com>, Matthew Wild <matthew@...sody.im>
Subject: CVE Request: prosody DoS, djabberd external entity injection

Hi,

As far as I know, there's no CVE for these ones yet. Could you assign one?
* prosody billion laughs DoS: http://blog.prosody.im/prosody-0-8-1-released/
* djabberd external entity injection:
http://groups.google.com/group/djabberd/browse_thread/thread/47974331c37e54c5#

Btw, a blog post about these and the other recent jabber billion
laughs vulnerabilities:
http://wouter.coekaerts.be/2011/jabber-dos

Regards,

Wouter.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ