oss-sec mailing list archives

CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 28 Jan 2011 19:15:10 +0100

Hello Josh, Steve, vendors,

  Originally, CVE-2005-3534:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3534

has been assigned to NBD and addressed in nbd-v2.8.3 version:
[2] http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229

via changeset:
[3] https://github.com/yoe/nbd/commit/4ed24fe0d64c7cc9963c57b52cad1555ad7c6b60

But nbd-v2.9.0:
[4] http://sourceforge.net/projects/nbd/files/nbd/2.9.0/

contains the issue again. This flaw was fixed second time via upstream changeset:
[5] https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8

References:
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187
[7] https://bugzilla.redhat.com/show_bug.cgi?id=673562

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Jan Lieskovsky (Jan 28)
- Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Josh Bressers (Jan 31)