[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: Some fun with tcp_wrappers
From:       Tomas Hoger <thoger () redhat ! com>
Date:       2009-04-28 9:22:53
Message-ID: 20090428112253.2c0fb8e1 () redhat ! com
[Download RAW message or body]

Hi Steve!

On Fri, 24 Apr 2009 19:10:11 -0400 (EDT) "Steven M. Christey"
<coley@linus.mitre.org> wrote:

> Given last week's round of discussion on this list and related
> commentary in Red Hat 491095, I still don't know how to write up
> CVE-2009-0786. Should we focus it on the hosts_ctl() usage in the
> Fedora version of tcp_wrappers?

Given Wietse's (original upstream author) comments, original behavior
is intended one, so 0786 should be rejected.  We're not adding the
change as security fix to the product versions where it's not included
already.

Thank again to Wietse for his comments!

-- 
Tomas Hoger / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]