syslog-ng: dos / TEMP-0000000-0999A8
Could issue TEMP-0000000-0999A8[1] be the same as #457334[2] "CVE-2007-6437 prone to denial of service attack"?
Issue #457334 is reported Fri, 21 Dec 2007 16:54:04 UTC and TEMP-0000000-0999A8 seems to be committed to CVE/list as[3]:
"""
CVE-2006-XXXX [syslog-ng dos]
- syslog-ng 2.0rc1-2 (low)
[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
"""
There is DSA commit done at Wed Jan 16 08:10:07 2008 UTC[4], which fixes #457334. Upstream patch for #457334 is: http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
1: http://security-tracker.debian.org/tracker/TEMP-0000000-0999A8
2: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
3: http://anonscm.debian.org/viewvc/secure-testing?view=revision&revision=4493
4: http://anonscm.debian.org/viewvc/secure-testing/data/DSA/list?r1=7935&r2=7934&pathrev=7935
Best regards,
Henri Salo
Reply to: