Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.20.1609291617400.13997@tvnag.unkk.fr>
Date: Thu, 29 Sep 2016 16:18:44 +0200 (CEST)
From: Daniel Stenberg <daniel@...x.se>
To: c-ares hacking <c-ares@...l.haxx.se>
cc: oss-security@...ts.openwall.com
Subject: Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write

On Thu, 29 Sep 2016, Daniel Stenberg wrote:

> INFO
> ----
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the name
> CVE-2016-5180 to this issue.
>
> AFFECTED VERSIONS
> -----------------
>
> This flaw exists in the following c-ares versions.
>
> - Affected versions: libcurl 1.0.0 to and including 1.11.0
> - Not affected versions: c-ares >= 1.12.0

Sorry for being sloppy. I meant to write c-ares above and not libcurl. This 
was a copy and paste error that is already fixed in the web version of this 
advisory at

  https://c-ares.haxx.se/adv_20160929.html

-- 

  / daniel.haxx.se

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.