oss-sec mailing list archives
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
From: Kurt Seifried <kseifrie () redhat com>
Date: Thu, 29 Dec 2011 12:31:48 -0500 (EST)
Credit: vulnerability report and PoC code received from Alexander Klink <alexander.klink AT nruns.com> and Julian Waelde <jwaelde AT cdc.informatik.tu-darmstadt.de>. CVE: CVE-2011-4461 (Jetty), CVE-2011-4838 (JRuby), CVE-2011-4885 (PHP), CVE-2011-4462 (Plone), CVE-2011-4815 (Ruby)Kurt or other CVE assigners, can you please assign a bunch for python, java, tomcat etc. pp. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
I am going to defer this to Steve/etc, as I had nothing to do with the original CVE assignments so I have no idea (maybe they got assigned but not published? Not assigned yet due to split/merge issues? not assigned due to other reasons?). -- Kurt Seifried / Red Hat Security Repsonse Team
Current thread:
- [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 28)
- More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 29)
- Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Kurt Seifried (Dec 29)
- Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) David Jorm (Dec 29)
- Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Tomas Hoger (Dec 30)
- More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 29)
- Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 29)
- Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 29)
- Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 31)