Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 Aug 2013 21:20:59 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Paul Gevers <elbrus@...ian.org>, Gandalf <gandalf@...ti.net>
Subject: CVE Request: Regression introduced in cacti with fix for
 CVE-2013-1435

Hi Kurt

The fix for CVE-2013-1435[1] introduced a regression:

 [1] http://svn.cacti.net/viewvc?view=rev&revision=7393

It was reported in [2] and upstream proposed a fix [3] which was
confirmed to work by two of the involved people.

 [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
 [3] http://sourceforge.net/mailarchive/message.php?msg_id=31262712

The corresponding svn commits should be the following:

 [4] http://svn.cacti.net/viewvc?view=rev&revision=7408
 [5] http://svn.cacti.net/viewvc?view=rev&revision=7409
 [6] http://svn.cacti.net/viewvc?view=rev&revision=7413

Does this need a follow-up CVE assignment for the regression part
introduced?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.