Date: Thu, 27 Apr 2017 10:54:00 +0000 From: Stephan Zeisberg <stephan.zeisberg@...one.com> To: oss-security@...ts.openwall.com Subject: CVE Request: Two memory corruption vulnerabilities ldns 1.7 Hi, i discovered two memory corruption vulnerabilities (double free) in ldns 1.7.0: * https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 * https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 and reported it to https://www.nlnetlabs.nl/bugs-script/ Both fixed in upstream (in development branch): * for bug 1256: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790 * for bug 1257: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02 Could you please assign CVE(s) for the vulnerabilites? Thanks, Stephan -- Stephan Zeisberg Security Researcher m: stephan.zeisberg@...one.com [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ