Date: Thu, 21 May 2015 10:47:40 -0400 (EDT) From: cve-assign@...re.org To: alessandro@...dini.me Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: nbd denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > http://sourceforge.net/p/nbd/mailman/message/30410146/ > https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4 As far as we can tell, the CVE request is primarily about the vulnerability that affects versions 2.9.22 through 3.3. Use CVE-2013-7441. >> Versions released between 2.9.16 and 2.9.22 ... are vulnerable in the >> sense that the bad design is still there, but I don't believe they >> would crash in that manner. If someone is interested in a CVE ID for those older versions (released in 2010 and 2011), and the behavior is different (e.g., if the unexpected client behavior doesn't immediately lead to a crash and instead can cause memory corruption), please let us know. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVXe+IAAoJEKllVAevmvmsuzwIAL5k8kTryqGjXT/7W5VY6O/N Ybjzpqb9JrKk5t6SyedrtilpEwx6Wj87Pk36Wfw336fPDnzHFh8SvipW3oT/Dzil I9llHybnTum0zGz2POnqzm1bL2Qr0QB0ly6gL56MCeErsfhngQahv6PGFuZC3wNH p9MaHFwVVZAGDwzrbA2JAyw6C7T4xm6TyfY9/2tF3jhXvbTM+5yO9znK5p9BChco ski7lbZW9tw3HK0CChrT0xQv6m6JTPR6s+faOiREE8+CkdqDpr/GTTIY5KGx6eFr RiyinKasLHxIfsMZYQJIBotOLAFo9XdxO7cQIGNfL4npc8NBPcU8uhJUsH4scTQ= =T6E3 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.