Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 Jul 2015 16:34:49 -0400 (EDT)
From: cve-assign@...re.org
To: pieter.lexis@...erdns.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Follow up: PowerDNS Security Advisory 2015-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
> Update 7th of July 2015: Toshifumi Sakaguchi discovered that the original fix was insufficient

For cases of an insufficient fix, an additional CVE ID is assigned.
Use CVE-2015-5470. The reason for this CVE is apparently the absence
of:

   if (ret.length() > 1024)
     throw MOADNSException("Total name too long");

in PowerDNS Recursor 3.6.3 and 3.7.2 and Auth 3.3.2 and 3.4.4.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVoCm+AAoJEKllVAevmvmsCd0IAIYvsrFye9E332uBKjKKzo+V
y2KfAeiN0qxnTL31MdYavs8ruWNkzQFgBSPKbhqYYPGKU661SMr+hDy2mVSicysY
MywUEOamB4/9/vA11QV0P+KNhtUmwUJwL7FslAGveSZm+3OF9qxQPtIzNQQdh6J7
YzEW1Xk5UxmjCJmWyzasFf39jAUax/RngvKtHYrUjGkNKZXWabCFqiZ5tO90ga+7
sRhN1HSNSbxB2KMIFCqTMxe78xGV/8J7ifTihQBZe7gx2GbcoBLCf0v+N4mFTl6U
Ziio5mchYZU5HLtdqwMxRg5/vDoxbGT7C1Nqg8rUZAgmFERzwrYzdax8HP/hzhk=
=ONFs
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ