Remotely triggerable crash

John Bailey rekkanoryo at rekkanoryo.org
Tue Sep 21 23:22:35 EDT 2010


On 09/17/2010 06:29 PM, John Bailey wrote:
> On 09/17/2010 06:18 PM, Daniel Atallah wrote:
>> Do we need a CVE for this?
> 
> Since we know the Yahoo issue, at least, is a definite remote crasher, yes, we
> do.  Since all the potential remote issues share the same root cause, we can
> request a single blanket CVE, something along the lines of "Insufficient return
> value checking leads to remotely triggerable denial of service" that indicates
> the same problem exists in multiple locations.
> 
> John

Can we get this process jump-started so we can get a release pushed?  We have a
good number of bug fixes ready for this release that I'd like to see get pushed
out soon.  Maybe shoot for an October 7 or 8 release?

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100921/3c64c4ff/attachment.pgp>


More information about the security mailing list