[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8543) CVE-2015-3276: incorrect multi-keyword mode cipherstring parsing

>> CVE-2015-3276 appears to be unfixed in 2.4.44, and from several
>> attempts at finding the bug reported in your mailing list archive
>> I came up empty.  So ...  The best I've found from this CVE is
>> RedHat's bugzilla entry at
>> https://bugzilla.redhat.com/show_bug.cgi?id=3D1238322
>> which contains a (suggested) patch.
> We can integrate a suggested fix if the patch author submits their
> patch to our ITS directly. Due to IPR concerns we don't accept or act=

> on 3rd party patch submissions.

Hm, ok.  I've submitted an update to the above bug entry
petitioning for them to release the fix.  We'll see if they act
on it.


- H=E5vard