oss-sec mailing list archives
Re: Follow up: PowerDNS Security Advisory 2015-01
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Tue, 7 Jul 2015 16:00:18 +0200
On Tue, Jul 07, 2015 at 11:28:48AM +0200, Pieter Lexis wrote:
Hi all, We've updated our security advisory regarding CVE-2015-1868[1]. Toshifumi Sakaguchi discovered that our fix for this CVE was insufficient in some cases with specially crafted packets. Last month we released patched versions[2] and we've now updated the Advisory to reflect this. If you have not updated yet, we advice again to update. 1 - https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ 2 - http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/
I think this should get a new CVE assigned due to the original patch being incomplete (I've added cve-assign to CC). Cheers
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Follow up: PowerDNS Security Advisory 2015-01 Pieter Lexis (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 Alessandro Ghedini (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 cve-assign (Jul 10)