oss-sec mailing list archives

Re: CVE request for denial-of-service vulnerability in fcgi

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 06 Feb 2015 15:12:02 -0700

Just a note this needs a 2012 CVE:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591

On 06/02/15 04:11 AM, Till Maas wrote:

Hi,

there appears to be at least a denial-of-service vulnerability in fcgi:
https://bugzilla.redhat.com/show_bug.cgi?id=1189958

Can someone pleas assign a CVE id to this, to make sure that other
distributions notice this problem as well.

Unfortunately it looks like fastcgi upstream now died, as their mailing
list is not reachable anymore:
http://mailman.fastcgi.com/mailman/listinfo/fastcgi-developers

So if someone knows how to contact them, please forward them this
information.

Regards
Till Maas


-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE request for denial-of-service vulnerability in fcgi Till Maas (Feb 06)
- Re: CVE request for denial-of-service vulnerability in fcgi Kurt Seifried (Feb 06)
- Re: CVE request for denial-of-service vulnerability in fcgi cve-assign (Feb 07)