oss-sec mailing list archives
Re: CVE request for neon
From: Joe Orton <jorton () redhat com>
Date: Wed, 20 Aug 2008 21:08:59 +0100
On Wed, Aug 20, 2008 at 12:06:35PM -0400, Steven M. Christey wrote:
On Fri, 15 Aug 2008, Joe Orton wrote:A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service. Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571Use CVE-2008-3746, to be filled in later.
Thanks. I've now released neon 0.28.3 to fix this issue: http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html Regards, Joe
Current thread:
- CVE request for neon Joe Orton (Aug 15)
- Re: CVE request for neon Steven M. Christey (Aug 20)
- Re: CVE request for neon Joe Orton (Aug 20)
- Re: CVE request for neon Steven M. Christey (Aug 20)