Date: Mon, 21 Oct 2013 08:04:28 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com, kseifried@...hat.com Subject: Re: CVE request: echoping buffer overflow vulnerabilities On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/17/2013 05:18 AM, Sergey Popov wrote: > > Echoping 6.0.2 and before contains several buffer overflow > > vulnerabilities that can lead to execution of arbitrary code on > > the system or cause the application to crash. > > > > Bug report in Gentoo: > > https://bugs.gentoo.org/show_bug.cgi?id=349569 > > > > Some additional info: http://xforce.iss.net/xforce/xfdb/64141 > > http://secunia.com/advisories/42619/ > > > > Issue is fixed in upstream, but no release yet. > > > > Please assign a CVE for this, thanks. > > > >  - http://sourceforge.net/p/echoping/bugs/55/ > > Please use CVE-2013-4448 for this issue. This should receive a CVE-2010-xxxx ID. It was originally reported to the Debian BTS in December 2010 (as linked in the sf bugtracker): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808 Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.