Remotely triggerable crash
John Bailey
rekkanoryo at rekkanoryo.org
Tue Sep 21 23:22:35 EDT 2010
On 09/17/2010 06:29 PM, John Bailey wrote:
> On 09/17/2010 06:18 PM, Daniel Atallah wrote:
>> Do we need a CVE for this?
>
> Since we know the Yahoo issue, at least, is a definite remote crasher, yes, we
> do. Since all the potential remote issues share the same root cause, we can
> request a single blanket CVE, something along the lines of "Insufficient return
> value checking leads to remotely triggerable denial of service" that indicates
> the same problem exists in multiple locations.
>
> John
Can we get this process jump-started so we can get a release pushed? We have a
good number of bug fixes ready for this release that I'd like to see get pushed
out soon. Maybe shoot for an October 7 or 8 release?
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100921/3c64c4ff/attachment.pgp>
More information about the security
mailing list