List: oss-security
Subject: [oss-security] Re: CVE number needed for Varnish DoS, also heads-up
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-10-30 16:12:51
Message-ID: 52713003.2030107 () redhat ! com
Adding oss-security to cc as per
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
since it's public.
On 10/30/2013 08:05 AM, Tollef Fog Heen wrote:
> Hi Kurt,
>
> I'm being told by the Debian security team that they can't assign a
> CVE as there has been a public bug report about this issue, but
> that you can help. (https://www.varnish-cache.org/trac/ticket/1367
> is the bug report)
>
> Can you please get me a CVE id?
>
> Thanks, - Tollef Fog Heen
>
> ]] Tollef Fog Heen
>
>> Hi,
>>
>> (Cc to varnish maintainer in Debian and Fedora)
>>
>> we've had a denial of service attack reported in Varnish. I
>> believe we should get this fixed in stable (we're working on a
>> patch), but I'd like a CVE # to go with the advisory. Draft
>> advisory at http://etherpad.wikimedia.org/p/WnwRT4FH6e
>>
>> Regards, -- Tollef Fog Heen Technical lead | Varnish Software AS
>> 📞: +47 21 98 92 64 We Make Websites Fly!
>
Please use CVE-2013-4484 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993