Date: Thu, 21 May 2015 10:47:40 -0400 (EDT) From: cve-assign@...re.org To: alessandro@...dini.me Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: nbd denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > http://sourceforge.net/p/nbd/mailman/message/30410146/ > https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4 As far as we can tell, the CVE request is primarily about the vulnerability that affects versions 2.9.22 through 3.3. Use CVE-2013-7441. >> Versions released between 2.9.16 and 2.9.22 ... are vulnerable in the >> sense that the bad design is still there, but I don't believe they >> would crash in that manner. If someone is interested in a CVE ID for those older versions (released in 2010 and 2011), and the behavior is different (e.g., if the unexpected client behavior doesn't immediately lead to a crash and instead can cause memory corruption), please let us know. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVXe+IAAoJEKllVAevmvmsuzwIAL5k8kTryqGjXT/7W5VY6O/N Ybjzpqb9JrKk5t6SyedrtilpEwx6Wj87Pk36Wfw336fPDnzHFh8SvipW3oT/Dzil I9llHybnTum0zGz2POnqzm1bL2Qr0QB0ly6gL56MCeErsfhngQahv6PGFuZC3wNH p9MaHFwVVZAGDwzrbA2JAyw6C7T4xm6TyfY9/2tF3jhXvbTM+5yO9znK5p9BChco ski7lbZW9tw3HK0CChrT0xQv6m6JTPR6s+faOiREE8+CkdqDpr/GTTIY5KGx6eFr RiyinKasLHxIfsMZYQJIBotOLAFo9XdxO7cQIGNfL4npc8NBPcU8uhJUsH4scTQ= =T6E3 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ