oss-sec mailing list archives

Re: CVE request: denial of service flaw in firebird


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 4 Jan 2015 05:32:06 +0100

Hi,

On Sat, Jan 03, 2015 at 06:59:18PM -0500, cve-assign () mitre org wrote:

I've not seen a CVE for this; could one be assigned?  Thanks.

It was found that an unauthenticated remote attacker could send a
malformed network packet to a firebird server, which would cause the
server to crash.

http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
http://tracker.firebirdsql.org/browse/CORE-4630
http://sourceforge.net/p/firebird/code/60331/
https://bugs.mageia.org/show_bug.cgi?id=14726
https://bugzilla.redhat.com/show_bug.cgi?id=1172445

Use CVE-2014-9492.

I have a question back on this assignment. Initially CORE-4630 did not
have a CVE reference in the title, at least afair, but some time ago the
reference to CVE-2014-9323 appeared.

We then used this reference in Debian to track the issue, but
others have it as well:

https://bugzilla.suse.com/show_bug.cgi?id=910653
https://bugzilla.redhat.com/show_bug.cgi?id=1172445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9323
https://security-tracker.debian.org/tracker/CVE-2014-9323

Should CVE-2014-9492 be rejected and CVE-2014-9323 continue
to be used?

Regards,
Salvatore

