
Re: syslog-ng: dos / TEMP-0000000-0999A8



On Thu, Aug 4, 2011 at 5:13 AM, Henri Salo wrote:
> Could issue TEMP-0000000-0999A8[1] be the same as #457334[2] "CVE-2007-6437 prone to denial of service attack"?

No, these do not appear to be the same issues.  According to the
changelog, TEMP-0000000-0999A8 was an issue in zero-length udp packets
(and was applied in 2.0rc1-2), and CVE-2007-6437 fixed a whitespace
issue (and was applied in 2.0.6-1).

I don't consider changelog parsing sufficient, but I also simply don't
have time to dig further than this on this particular issue.  If
someone else did have the time and interest, the diffs for those
versions should greatly clarify the particular problems solved
therein.

Best wishes,
Mike

