[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#9124) Unauthenticated remote denial-of-service (Null pointer dereference in ber_skip_tag)
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#9124) Unauthenticated remote denial-of-service (Null pointer dereference in ber_skip_tag)
- From: hyc@symas.com
- Date: Fri, 29 Nov 2019 15:50:07 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
stephan@srlabs.de wrote:
> Note: After Cyrus SASL fixes the other issue #9123, I will request CVE id=
> 's for the two bugs and share them as a reference in the relevant issues =
> (#9123, #9124)
Usual practice for CVEs is not to make them public until fixes are released. In the
future, you should tick the Major Security Issue button for potential CVEs so they
can be handled privately before release.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/