Date: Thu, 22 Mar 2012 23:19:49 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: William Pitcock <nenolod@...eferenced.org>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

On 03/22/2012 12:16 PM, William Pitcock wrote:
> Hi,
>
> On Wednesday, March 21, 2012, Kurt Seifried <kseifried@...hat.com
> <mailto:kseifried@...hat.com>> wrote:
>> On 03/21/2012 12:55 PM, William Pitcock wrote:
>>> atheme.org <http://atheme.org> Security Advisory
>>> ASA-2012-03-01
>>>
>>> Original release: March 20, 2012.
>>> Last update: March 20, 2012.
>>>
>>> Copyright (c) 2012 atheme.org <http://atheme.org> and its contributors.
>>> All rights reserved.
>>>
>>> Distribution of this document in full, or in part is allowed,
>>> provided that it remains in unmodified form and the above
>>> copyright notice and this permission notice remain unchanged.
>>
>> That makes no sense "or in part is allowed, provided that it remains in
>> unmodified form" and I just violated this replying to you I guess.
>
> Yes we should probably change our language for future advisories.
>
>>
>> Also did you want a CVE # for this issue?
>
> That would be useful -- I know that suse, debian and gentoo carry the
> software as part of their IRC server packages.
>
> William

Please use CVE-2012-1576 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)