Date: Wed, 25 May 2016 17:27:11 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: CVE Requests: libimobiledevice and libusbmuxd Hello MITRE, all, Please assign CVE(s) to libimobiledevice and libusbmuxd; both libraries accidentally bound a listening IPv4 TCP socket to INADDR_ANY rather than INADDR_LOOPBACK: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196 I do not know who to credit with discovery. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ