Date: Fri, 08 Nov 2013 12:02:37 -0500 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Subject: CVE Request: bip denial of service via resource leak Hello, bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a resource leak. A remote attacker can use this flaw to cause bip to run out of resources, resulting in a denial of service. Upstream bug: https://projects.duckcorp.org/issues/261 Fixed by the following commit in 0.8.9: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c Downstream bug: https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888 Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.