Date: Sun, 4 Jan 2015 05:32:06 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Vincent Danen <vdanen@...hat.com>, cve-assign@...re.org
Subject: Re: CVE request: denial of service flaw in firebird

Hi,

On Sat, Jan 03, 2015 at 06:59:18PM -0500, cve-assign@...re.org wrote:
>
> >I've not seen a CVE for this; could one be assigned? Thanks.
> >
> >It was found that an unauthenticated remote attacker could send a
> >malformed network packet to a firebird server, which would cause the
> >server to crash.
> >
> >http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
> >http://tracker.firebirdsql.org/browse/CORE-4630
> >http://sourceforge.net/p/firebird/code/60331/
> >https://bugs.mageia.org/show_bug.cgi?id=14726
> >https://bugzilla.redhat.com/show_bug.cgi?id=1172445
>
> Use CVE-2014-9492.

I have a question back on this assignment. Initially CORE-4630 did not
have a CVE reference in the title, at least afair, but some time ago the
reference to CVE-2014-9323 appeared. We then used this reference in
Debian to track the issue, but others also have it:

https://bugzilla.suse.com/show_bug.cgi?id=910653
https://bugzilla.redhat.com/show_bug.cgi?id=1172445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9323
https://security-tracker.debian.org/tracker/CVE-2014-9323

Should CVE-2014-9492 be rejected and CVE-2014-9323 continue to be used?

Regards,
Salvatore