Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 27 Apr 2017 10:54:00 +0000
From: Stephan Zeisberg <stephan.zeisberg@...one.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Two memory corruption vulnerabilities ldns 1.7

Hi,

i discovered two memory corruption vulnerabilities (double free) in ldns
1.7.0:

* https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
* https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257

and reported it to https://www.nlnetlabs.nl/bugs-script/

Both fixed in upstream (in development branch):
* for bug 1256: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790
* for bug 1257: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02

Could you please assign CVE(s) for the vulnerabilites?

Thanks,
Stephan
-- 
Stephan Zeisberg
Security Researcher

m: stephan.zeisberg@...one.com



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ