Date: Wed, 30 Oct 2013 10:12:51 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Tollef Fog Heen <tfheen@...nish-software.com>
CC: ingvar@...pill-linpro.com, ssm@...ian.org, team@...urity.debian.orgteam, Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: CVE number needed for Varnish DoS, also heads-up

Adding oss-security to cc as per
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
since it's public.

On 10/30/2013 08:05 AM, Tollef Fog Heen wrote:
> Hi Kurt,
>
> I'm being told by the Debian security team that they can't assign a
> CVE as there has been a public bug report about this issue, but
> that you can help. (https://www.varnish-cache.org/trac/ticket/1367
> is the bug report)
>
> Can you please get me a CVE id?
>
> Thanks, - Tollef Fog Heen
>
> ]] Tollef Fog Heen
>
>> Hi,
>>
>> (Cc to varnish maintainer in Debian and Fedora)
>>
>> we've had a denial of service attack reported in Varnish. I
>> believe we should get this fixed in stable (we're working on a
>> patch), but I'd like a CVE # to go with the advisory. Draft
>> advisory at http://etherpad.wikimedia.org/p/WnwRT4FH6e
>>
>> Regards, -- Tollef Fog Heen Technical lead | Varnish Software AS
>> 📞: +47 21 98 92 64 We Make Websites Fly!
>

Please use CVE-2013-4484 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993