Date: Wed, 25 May 2016 17:27:11 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: CVE Requests: libimobiledevice and libusbmuxd Hello MITRE, all, Please assign CVE(s) to libimobiledevice and libusbmuxd; both libraries accidentally bound a listening IPv4 TCP socket to INADDR_ANY rather than INADDR_LOOPBACK: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196 I do not know who to credit with discovery. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.