oss-sec mailing list archives

Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version

From: Josh Bressers <bressers () redhat com>
Date: Mon, 31 Jan 2011 16:24:09 -0500 (EST)

Please use CVE-2011-0530.

Thanks.

-- 
    JB

----- Original Message -----

Hello Josh, Steve, vendors,

Originally, CVE-2005-3534:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3534

has been assigned to NBD and addressed in nbd-v2.8.3 version:
[2]
http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229

via changeset:
[3]
https://github.com/yoe/nbd/commit/4ed24fe0d64c7cc9963c57b52cad1555ad7c6b60

But nbd-v2.9.0:
[4] http://sourceforge.net/projects/nbd/files/nbd/2.9.0/

contains the issue again. This flaw was fixed second time via upstream
changeset:
[5]
https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8

References:
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187
[7] https://bugzilla.redhat.com/show_bug.cgi?id=673562

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Jan Lieskovsky (Jan 28)
- Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Josh Bressers (Jan 31)