Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 4 Jan 2015 05:32:06 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Vincent Danen <vdanen@...hat.com>, cve-assign@...re.org
Subject: Re: CVE request: denial of service flaw in firebird

Hi,

On Sat, Jan 03, 2015 at 06:59:18PM -0500, cve-assign@...re.org wrote:
> 
> >I've not seen a CVE for this; could one be assigned?  Thanks.
> >
> >It was found that an unauthenticated remote attacker could send a
> >malformed network packet to a firebird server, which would cause the
> >server to crash.
> >
> >http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
> >http://tracker.firebirdsql.org/browse/CORE-4630
> >http://sourceforge.net/p/firebird/code/60331/
> >https://bugs.mageia.org/show_bug.cgi?id=14726
> >https://bugzilla.redhat.com/show_bug.cgi?id=1172445
> 
> Use CVE-2014-9492.

I have a question back on this assignment. Initially CORE-4630 did not
had a CVE reference in the title at leat afair, but some time ago the
reference to CVE-2014-9323 appeared.

We used then this reference in Debian to track the issue, but also
others have it:

https://bugzilla.suse.com/show_bug.cgi?id=910653
https://bugzilla.redhat.com/show_bug.cgi?id=1172445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9323
https://security-tracker.debian.org/tracker/CVE-2014-9323

Should CVE-2014-9492 be rejected and CVE-2014-9323 to be still
continued to be used?

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.