oss-sec mailing list archives

Re: CVE Request: DoS in OpenSMTPD TLS Support


From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Sun, 19 May 2013 05:00:26 +0200

On Sat, May 18, 2013 at 6:16 PM, Gilles Chehade <gilles () poolp org> wrote:
> Not too nice to send a CVE request without ANY coordination with us ...

Sorry about that. I was in the midst of bumping packages in gentoo to
the snapshot where you had fixed the issue, when I figured it might be
wise to also get the issue tracked with a CVE asap. Sorry for jumping
the gun.

> Just for the record, you contacted us today reporting a bug which could
> be memory corruption and you didn't know if it could be exploited.

The quote was "I haven't looked into why this happens or if memory
corruption / code execution is a possibility, but at the very least,
it's a nasty DoS."

> The snapshot mail, commit log and diffs make the issue obvious

Which is why I figured it was already a public issue, and therefore
not an issue to track it with a CVE. But apologies, nonetheless, for
jumping the gun. I'll coordinate with you more closely in the future.

