oss-sec mailing list archives

Re: CVE number needed for Varnish DoS, also heads-up


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 30 Oct 2013 10:12:51 -0600


Adding oss-security to cc as per
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
since it's public.


On 10/30/2013 08:05 AM, Tollef Fog Heen wrote:
Hi Kurt,

I'm being told by the Debian security team that they can't assign a
CVE as there has been a public bug report about this issue, but
that you can help.  (https://www.varnish-cache.org/trac/ticket/1367
is the bug report)

Can you please get me a CVE id?

Thanks, - Tollef Fog Heen

]] Tollef Fog Heen

Hi,

(Cc to varnish maintainer in Debian and Fedora)

we've had a denial of service attack reported in Varnish.  I
believe we should get this fixed in stable (we're working on a
patch), but I'd like a CVE # to go with the advisory.  Draft
advisory at http://etherpad.wikimedia.org/p/WnwRT4FH6e

Regards, -- Tollef Fog Heen Technical lead | Varnish Software AS 
📞: +47 21 98 92 64 We Make Websites Fly!


Please use CVE-2013-4484 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

