Date: Thu, 22 Mar 2012 23:19:49 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: William Pitcock <nenolod@...eferenced.org>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup
 of CertFP entries may result in undefined behaviour

On 03/22/2012 12:16 PM, William Pitcock wrote:
> Hi,
> 
> On Wednesday, March 21, 2012, Kurt Seifried <kseifried@...hat.com> wrote:
>> On 03/21/2012 12:55 PM, William Pitcock wrote:
>>> atheme.org Security Advisory
>>> ASA-2012-03-01
>>>
>>> Original release: March 20, 2012.
>>> Last update: March 20, 2012.
>>>
>>> Copyright (c) 2012 atheme.org and its contributors.
>>> All rights reserved.
>>>
>>> Distribution of this document in full, or in part is allowed,
>>> provided that it remains in unmodified form and the above
>>> copyright notice and this permission notice remain unchanged.
>>
>> That makes no sense "or in part is allowed, provided that it remains in
>> unmodified form" and I just violated this replying to you I guess.
> 
> Yes we should probably change our language for future advisories.
> 
>>
>> Also did you want a CVE # for this issue?
> 
> That would be useful -- I know that suse, debian and gentoo carry the
> software as part of their IRC server packages.
> 
> William

Please use CVE-2012-1576 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
