oss-sec mailing list archives
Re: Follow up: PowerDNS Security Advisory 2015-01
From: cve-assign () mitre org
Date: Fri, 10 Jul 2015 16:34:49 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Update 7th of July 2015: Toshifumi Sakaguchi discovered that the original fix was insufficient
For cases of an insufficient fix, an additional CVE ID is assigned. Use CVE-2015-5470. The reason for this CVE is apparently the absence of: if (ret.length() > 1024) throw MOADNSException("Total name too long"); in PowerDNS Recursor 3.6.3 and 3.7.2 and Auth 3.3.2 and 3.4.4. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVoCm+AAoJEKllVAevmvmsCd0IAIYvsrFye9E332uBKjKKzo+V y2KfAeiN0qxnTL31MdYavs8ruWNkzQFgBSPKbhqYYPGKU661SMr+hDy2mVSicysY MywUEOamB4/9/vA11QV0P+KNhtUmwUJwL7FslAGveSZm+3OF9qxQPtIzNQQdh6J7 YzEW1Xk5UxmjCJmWyzasFf39jAUax/RngvKtHYrUjGkNKZXWabCFqiZ5tO90ga+7 sRhN1HSNSbxB2KMIFCqTMxe78xGV/8J7ifTihQBZe7gx2GbcoBLCf0v+N4mFTl6U Ziio5mchYZU5HLtdqwMxRg5/vDoxbGT7C1Nqg8rUZAgmFERzwrYzdax8HP/hzhk= =ONFs -----END PGP SIGNATURE-----
Current thread:
- Follow up: PowerDNS Security Advisory 2015-01 Pieter Lexis (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 Alessandro Ghedini (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 cve-assign (Jul 10)