Date: Wed, 29 Jul 2015 14:32:51 +0100 From: Kiall Mac Innes <kiall@...innes.ie> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 28/07/15 22:09, cve-assign@...re.org wrote: >>> https://launchpad.net/bugs/1471161 > >>> Designate does not enforce the DNS protocol limit concerning >>> record set sizes > >>> As a result, the rendering loop in desginate-mdns can does not >>> make progress > >>> https://bugs.launchpad.net/designate/+bug/1471161/comments/5 > >>> 1: Quotas were being bypassed as part of the v1 API. > >> two CVE IDs: > >> one for the original "does not enforce the DNS protocol limit >> concerning record set sizes" issue > > Use CVE-2015-5694. > > >> one for the "Quotas were being bypassed" issue. > > Use CVE-2015-5695. > > Great, Thank you. Thanks, Kiall -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVuNYCAAoJEHuWgzsGpgIasHEIAJlxDqvKFfZTQA0Nuoqr9jPP +V+oZIjg4bGQTSrFi11Jq8D3fmyoqRCb47E/XC/8VPZkBk/lPJ6BcBiDcOu9flst zw1J4qmcbxMeT9hCLmutcSZXI8KTWmpTczI3MN+RrgeDi4D2IEnkv+658b7mrOix 7JMW56pkOLWLCf5QNDRTWHHTpac6hA0C2svp3Jwv5uMh+UWMcjD4ob6SM0tlG59w 1ZRpGf/zE3UoabwJADXtNLewyb5CbI2qVUkvco/JeIZdFF0I/I8oRG7yxxotHYkg 6MvwDVN6cLCvwe28vo/Mm0rvVw9uf4hqVIfYwE3rGCfN4zlTRu0ncPwRuHg865I= =S6kC -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.