Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 26 May 2016 14:20:59 -0400 (EDT)
From: cve-assign@...re.org
To: seth.arnold@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@...ntu.com
Subject: Re: CVE Requests: libimobiledevice and libusbmuxd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Please assign CVE(s) to libimobiledevice and libusbmuxd; both libraries
> accidentally bound a listening IPv4 TCP socket to INADDR_ANY rather than
> INADDR_LOOPBACK:
> 
> https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
> https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196

Use CVE-2016-5104 for this vulnerability in both products. We did not
investigate how these products were developed, but it is clear that
these were not independent mistakes in separately written code.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXRzuDAAoJEHb/MwWLVhi2o4UP/Axr1qTym6sYJgBkuyLRvVDe
hPsp7oZxBpD7XsyB9sgVLfcS831/bVJDOZMM8gBmF+U3XFUwsxrG/0Eeiy6Ye809
07tA1DwQVzkdEVoFI5zyqP3XhZoyCux6oouEfT4Q/SbLzZMP8erMPs9G0+BIdNDz
tzCen2Ey3hnXdYzm9Sl2Py3yvYt1XXtAVPoc1OOq/P1dYToDrWeWW1wW2eHWLr0L
UlzidNHiPFUWz7VtO3aydSMkOq7nmFL9qjup2CS0+5COi5hTvy+GhV1k+IubvD/Z
C0SBru8ldqnXwA/b920nHm/IFuYwwaUx9r09dsFTeEawG9CNd4y2SgH9fd6fdHi2
QpZwBPsLJQvDCzWGaALUGfeWFFPjDk8ZmnVuRlrvDPHqW2jE+t3y7K4Zk8lPR8tP
Pj6sAyxVosE24u3aq+kMpTgfDu+DC3qQXxiU9j5c0oOCy8IoDBSTeWaMa+4kCiPp
h0+el4k55Zkm2wlD8v1Qe7qo+Cm6ALk2A+S4m05mXh8J17GXw9A1ZAkEBsnpkYcw
xiK+qYIxUCfexMi/GfdngmKHnHaUiH4F2HZvyUOw9pdIVI3wZs0E/J428a/ZfPF3
hKr3p60rZIrYGf9QmMaPqAo83MVnS0G29fMEO8pbRamDWewm+oBKX9KiUjKmzxmg
2QIZO/45MdzfAHHPmr2i
=ZCZK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ