Date: Thu, 29 Sep 2016 16:18:44 +0200 (CEST) From: Daniel Stenberg <daniel@...x.se> To: c-ares hacking <c-ares@...l.haxx.se> cc: oss-security@...ts.openwall.com Subject: Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write On Thu, 29 Sep 2016, Daniel Stenberg wrote: > INFO > ---- > > The Common Vulnerabilities and Exposures (CVE) project has assigned the name > CVE-2016-5180 to this issue. > > AFFECTED VERSIONS > ----------------- > > This flaw exists in the following c-ares versions. > > - Affected versions: libcurl 1.0.0 to and including 1.11.0 > - Not affected versions: c-ares >= 1.12.0 Sorry for being sloppy. I meant to write c-ares above and not libcurl. This was a copy and paste error that is already fixed in the web version of this advisory at https://c-ares.haxx.se/adv_20160929.html -- / daniel.haxx.se
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.