Date: Wed, 29 Jul 2015 14:32:51 +0100 From: Kiall Mac Innes <kiall@...innes.ie> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 28/07/15 22:09, cve-assign@...re.org wrote: >>> https://launchpad.net/bugs/1471161 > >>> Designate does not enforce the DNS protocol limit concerning >>> record set sizes > >>> As a result, the rendering loop in desginate-mdns can does not >>> make progress > >>> https://bugs.launchpad.net/designate/+bug/1471161/comments/5 > >>> 1: Quotas were being bypassed as part of the v1 API. > >> two CVE IDs: > >> one for the original "does not enforce the DNS protocol limit >> concerning record set sizes" issue > > Use CVE-2015-5694. > > >> one for the "Quotas were being bypassed" issue. > > Use CVE-2015-5695. > > Great, Thank you. Thanks, Kiall -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVuNYCAAoJEHuWgzsGpgIasHEIAJlxDqvKFfZTQA0Nuoqr9jPP +V+oZIjg4bGQTSrFi11Jq8D3fmyoqRCb47E/XC/8VPZkBk/lPJ6BcBiDcOu9flst zw1J4qmcbxMeT9hCLmutcSZXI8KTWmpTczI3MN+RrgeDi4D2IEnkv+658b7mrOix 7JMW56pkOLWLCf5QNDRTWHHTpac6hA0C2svp3Jwv5uMh+UWMcjD4ob6SM0tlG59w 1ZRpGf/zE3UoabwJADXtNLewyb5CbI2qVUkvco/JeIZdFF0I/I8oRG7yxxotHYkg 6MvwDVN6cLCvwe28vo/Mm0rvVw9uf4hqVIfYwE3rGCfN4zlTRu0ncPwRuHg865I= =S6kC -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ