Date: Wed, 19 Nov 2008 11:07:45 -0800 From: Kees Cook <kees@...ntu.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...re.org> Subject: CVE request: CUPS DoS via RSS subscriptions Hello! I'd like to get a CVE assigned for the RSS subscription DoS mentioned here. It seems that CUPS upstream already fixed the issue in their 1.3.8 release. Prior to 1.3.8, the server can be made to crash when visiting a malicious website due to CUPS general CSRF issues. Thanks, -Kees  https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/  http://www.cups.org/strfiles/2774/str2774.patch  http://www.cups.org/str.php?L2774 -- Kees Cook Ubuntu Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.