Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150707140018.GA4743@kronk.local>
Date: Tue, 7 Jul 2015 16:00:18 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com
Cc: Pieter Lexis <pieter.lexis@...erdns.com>, cve-assign@...re.org
Subject: Re: Follow up: PowerDNS Security Advisory 2015-01

On Tue, Jul 07, 2015 at 11:28:48AM +0200, Pieter Lexis wrote:
> Hi all,
> 
> We've updated our security advisory regarding CVE-2015-1868[1].
> Toshifumi Sakaguchi discovered that our fix for this CVE was
> insufficient in some cases with specially crafted packets.
> 
> Last month we released patched versions[2] and we've now updated the
> Advisory to reflect this. If you have not updated yet, we advice again
> to update.
> 
> 1 - https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
> 2 -
> http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/

I think this should get a new CVE assigned due to the original patch being
incomplete (I've added cve-assign to CC).

Cheers

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.