Date: Fri, 06 Feb 2015 15:12:02 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request for denial-of-service vulnerability in fcgi Just a note this needs a 2012 CVE: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591 On 06/02/15 04:11 AM, Till Maas wrote: > Hi, > > there appears to be at least a denial-of-service vulnerability in fcgi: > https://bugzilla.redhat.com/show_bug.cgi?id=1189958 > > Can someone pleas assign a CVE id to this, to make sure that other > distributions notice this problem as well. > > Unfortunately it looks like fastcgi upstream now died, as their mailing > list is not reachable anymore: > http://mailman.fastcgi.com/mailman/listinfo/fastcgi-developers > > So if someone knows how to contact them, please forward them this > information. > > Regards > Till Maas > -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ