'Re: [oss-security] CVE request for neon'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request for neon
From:       Joe Orton <jorton () redhat ! com>
Date:       2008-08-20 20:08:59
Message-ID: 20080820200859.GC4203 () redhat ! com
[Download RAW message or body]

On Wed, Aug 20, 2008 at 12:06:35PM -0400, Steven M. Christey wrote:
> On Fri, 15 Aug 2008, Joe Orton wrote:
> > A NULL pointer deference in the Digest authentication support in neon
> > versions 0.28.0 through 0.28.2 inclusive allows a malicious server to
> > crash a client application, resulting in possible denial of service.
> >
> > Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
> 
> Use CVE-2008-3746, to be filled in later.

Thanks.  I've now released neon 0.28.3 to fix this issue:

http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html
http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html

Regards, Joe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic