oss-security - Re: CVE request: vulnerabilities in libcsoap

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 25 Feb 2015 10:33:16 +0000
From: Patrick Coleman <blinken@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: vulnerabilities in libcsoap

On 17 Feb 2015 10:20, "Patrick Coleman" <blinken@...il.com> wrote:
>
> On Tue, Feb 17, 2015 at 10:15 AM, Patrick Coleman <blinken@...il.com>
wrote:
> > Hi,
> >
> > A number of vulnerabilities exist in nanohttp, a lightweight webserver
library
> > included with libcsoap (http://csoap.sourceforge.net). Patches are
> > provided below against
> > 1.1.0-17.2.
>
> Apologies, hit send a little early. The version number above is the
> latest Debian package version, from upstream version 1.1.0.
>
> I'm posting here following a recommendation on debian-security, and
> Debian bug #778599 has been raised for this issue. Note upstream
> appears to be unmaintained.

Hi,

Just wanted to follow up on this. Can a CVE ID be assigned for this issue?

If there is any further information required please let me know.

-Patrick

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.