oss-sec mailing list archives
Re: Re: Remote crash in MaraDNS 2.0.13 and git master
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 5 Dec 2016 16:47:25 +0100
Hi MITRE CVE assigning team,

On Mon, Nov 14, 2016 at 01:36:58PM -0500, cve-assign () mitre org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> remote crash bug in MaraDNS 2.0.13 js_readuint16
>
> Use CVE-2016-9300.
>
> remote crash bug in MaraDNS 2.0.13 js_substr
>
> Use CVE-2016-9301.
>
> remote crash bug in MaraDNS 2.0.13 process_query -> this in fact looks like stack smashing, since it crashes on htons in an unrelated place
>
> Use CVE-2016-9302.

According to the analysis of Sam Trenholme in https://bugs.debian.org/844121#32, and confirmed by Ondrej, afaics, those above would not be vulnerabilities in MaraDNS. Can you please reject those three CVEs?

Regards,
Salvatore
Current thread:
- Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 12)
- Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)
- Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)
- Re: Remote crash in MaraDNS 2.0.13 and git master cve-assign (Nov 14)
- Re: Re: Remote crash in MaraDNS 2.0.13 and git master Salvatore Bonaccorso (Dec 05)
- Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)