Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 May 2016 17:27:11 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: CVE Requests: libimobiledevice and libusbmuxd

Hello MITRE, all,

Please assign CVE(s) to libimobiledevice and libusbmuxd; both libraries
accidentally bound a listening IPv4 TCP socket to INADDR_ANY rather than
INADDR_LOOPBACK:

https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196

I do not know who to credit with discovery.

Thanks

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ