oss-sec mailing list archives

Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record

From: Henrik Nordström <henrik () henriknordstrom net>
Date: Mon, 31 Oct 2011 21:34:42 +0100

mån 2011-10-31 klockan 14:20 -0600 skrev Kurt Seifried:

Could you allocate a CVE id for this? (cc-ed Henrik and Jiri 
for their opinion / comments too, if this should be considered 
a security issue or not)


I'd say so, in the past we have: CVE-2010-2951, CVE-2010-0639,
CVE-2009-3700, etc. Lots of similar ones.


Agreed.

Regards
Henrik

Current thread:

CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Jan Lieskovsky (Oct 31)
- Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Kurt Seifried (Oct 31)
  - Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Henrik Nordström (Nov 01)
    - Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Steven M. Christey (Nov 14)