Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 5 Apr 2014 19:26:18 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Possible CVE Request: Uncontrolled Resource Consumption with
 XMPP-Layer Compression

Hi,

>From [1] thee is an security notice from the XMPP Standards Foundation
affecting several XMPP server implementations:

> The XMPP Standards Foundation has published a security notice
> describing an uncontrolled resource consumption vulnerability in
> several XMPP server implementations that support application-layer
> compression. Details can be found at:
> 
> http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
> 
> Peter

 [1] http://mail.jabber.org/pipermail/security/2014-April/000979.html

Is this something which should get one CVE, or is a CVE for each
implementation needed?

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ