Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 8 Mar 2016 09:26:59 +0100
From: FEIST Josselin <josselin.feist@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request : Use-after-free in accel-ppp

Hi,

For information, the vuln was fixed on release 1.10.1
The fix:
https://sourceforge.net/p/accel-ppp/code/ci/74c8c4a91551fe91e224c29882fac55250fc94e3/

Best regards,
Josselin Feist

#### timeline ####
- 18/01/2016: Vuln reported (affect 1.10.0)
- 04/03/2016: Vuln fixed (release 1.10.1)



On 10/02/2016 22:23, FEIST Josselin wrote:
> Hi,
>
> A use-after-free in accel-ppp was reported one month ago. accel-ppp is a
> VPN server (https://accel-ppp.org)
> Since I got no news from the dev (neither by email or through the
> forum), I would suggest to use this service carefully.
>
> More details about the vuln here :
> http://accel-ppp.org/forum/viewtopic.php?f=18&t=581
>
> The vuln was found with the help of the analyzer GUEB.
>
> Best regards,
> Josselin Feist
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ