Date: Tue, 7 Jul 2015 16:00:18 +0200 From: Alessandro Ghedini <alessandro@...dini.me> To: oss-security@...ts.openwall.com Cc: Pieter Lexis <pieter.lexis@...erdns.com>, cve-assign@...re.org Subject: Re: Follow up: PowerDNS Security Advisory 2015-01 On Tue, Jul 07, 2015 at 11:28:48AM +0200, Pieter Lexis wrote: > Hi all, > > We've updated our security advisory regarding CVE-2015-1868. > Toshifumi Sakaguchi discovered that our fix for this CVE was > insufficient in some cases with specially crafted packets. > > Last month we released patched versions and we've now updated the > Advisory to reflect this. If you have not updated yet, we advice again > to update. > > 1 - https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ > 2 - > http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/ I think this should get a new CVE assigned due to the original patch being incomplete (I've added cve-assign to CC). Cheers Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.