Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 May 2017 09:10:12 -0400
From: Russ Cox <>
Subject: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion

On Mon, Apr 24, 2017 at 10:06 AM, Russ Cox <> wrote:
> > Due to the widespread but limited ("only" CPU exhaustion) nature of
> the problem, I have not attempted any embargoed prenotification.
> I will forward this note directly to and
> I filled out the "DWF Open Source Request Form v2"
> for a CVE number for the generic problem, and I will reply here when
> I receive the number.

FYI, over the weekend I received notification (two weeks after applying)
that DWF has declined to issue a CVE number for this general problem.
Interested parties will have to obtain their own CVE numbers for specific


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ