Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour

[Kurt Seifried <kseifried () redhat com>]

On 03/22/2012 12:16 PM, William Pitcock wrote:
> Hi,
>
> On Wednesday, March 21, 2012, Kurt Seifried <kseifried () redhat com
> <mailto:kseifried () redhat com>> wrote:
> > On 03/21/2012 12:55 PM, William Pitcock wrote:
> > > atheme.org <http://atheme.org> Security Advisory
> > > ASA-2012-03-01
> > >
> > > Original release: March 20, 2012.
> > > Last update: March 20, 2012.
> > >
> > > Copyright (c) 2012 atheme.org <http://atheme.org> and it's contributors.
> > > All rights reserved.
> > >
> > > Distribution of this document in full, or in part is allowed,
> > > provided that it remains in unmodified form and the above
> > > copyright notice and this permission notice remain unchanged.
> >
> > That makes no sense "or in part is allowed, provided that it remains in
> > unmodified form" and I just violated this replying to you I guess.
>
> Yes we should probably change our language for future advisories.
>
> > Also did you want a CVE # for this issue?
>
> That would be useful -- I know that suse, debian and gentoo carry the
> software as part of their IRC server packages.
>
> William

Please use CVE-2012-1576 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)