Date: Tue, 8 Mar 2016 09:26:59 +0100 From: FEIST Josselin <josselin.feist@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request : Use-after-free in accel-ppp Hi, For information, the vuln was fixed on release 1.10.1 The fix: https://sourceforge.net/p/accel-ppp/code/ci/74c8c4a91551fe91e224c29882fac55250fc94e3/ Best regards, Josselin Feist #### timeline #### - 18/01/2016: Vuln reported (affect 1.10.0) - 04/03/2016: Vuln fixed (release 1.10.1) On 10/02/2016 22:23, FEIST Josselin wrote: > Hi, > > A use-after-free in accel-ppp was reported one month ago. accel-ppp is a > VPN server (https://accel-ppp.org) > Since I got no news from the dev (neither by email or through the > forum), I would suggest to use this service carefully. > > More details about the vuln here : > http://accel-ppp.org/forum/viewtopic.php?f=18&t=581 > > The vuln was found with the help of the analyzer GUEB. > > Best regards, > Josselin Feist >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ