oss-sec mailing list archives
Re: CVE Request: DoS in OpenSMTPD TLS Support
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Sun, 19 May 2013 05:00:26 +0200
On Sat, May 18, 2013 at 6:16 PM, Gilles Chehade <gilles () poolp org> wrote:
Not too nice to send a CVE request without ANY coordination with us ...
Sorry about that. I was in the midst of bumping packages in gentoo to the snapshot where you had fixed the issue, when I figured it might be wise to also get the issue tracked with a CVE asap. Sorry for jumping the gun.
Just for the record, you contacted us today reporting a bug which could be memory corruption and you didn't know if it could be exploited.
The quote was "I haven't looked into why this happens or if memory corruption / code execution is a possibility, but at the very least, it's a nasty DoS."
The snapshot mail, commit log and diffs makes the issue obvious
Which is why I figured it was already a public issue, and therefore not an issue to track it with a CVE. But apologies, nonetheless, for jumping the gun. I'll coordinate with you more closely in the future.
Current thread:
- CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld (May 18)
- Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 18)
- Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried (May 18)
- Re: CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld (May 18)
- Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried (May 18)
- Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 19)
- Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 18)