Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4D4307AE.4000404@redhat.com>
Date: Fri, 28 Jan 2011 19:15:10 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>,
        Wouter Verhelst <wouter@...ian.org>
Subject: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0
 version

Hello Josh, Steve, vendors,

   Originally, CVE-2005-3534:
   [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3534

has been assigned to NBD and addressed in nbd-v2.8.3 version:
[2] http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229

via changeset:
[3] https://github.com/yoe/nbd/commit/4ed24fe0d64c7cc9963c57b52cad1555ad7c6b60

But nbd-v2.9.0:
[4] http://sourceforge.net/projects/nbd/files/nbd/2.9.0/

contains the issue again. This flaw was fixed second time via upstream changeset:
[5] https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8

References:
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187
[7] https://bugzilla.redhat.com/show_bug.cgi?id=673562

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.