Bug 1066609 (CVE-2014-2031, CVE-2014-2032)
Summary: | CVE-2014-2031 CVE-2014-2032 maradns: DoS due to incorrect bounds checking on certain strings | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | extras-orphan, mmcallis, tomek |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-02-18 21:19:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1066611, 1066612 | ||
Bug Blocks: |
Description
Martin Prpič
2014-02-18 17:27:51 UTC
Created maradns tracking bugs for this issue: Affects: fedora-all [bug 1066611] Affects: epel-5 [bug 1066612] F20 update went stable few days ago. Please check facts before opening such bugs. F19 update waits for testers. I don't care about EPEL. (In reply to Tomasz Torcz from comment #2) > F20 update went stable few days ago. Please check facts before opening such > bugs. > F19 update waits for testers. > I don't care about EPEL. Please don't close SRT bugs. This bug was not assigned to you, so please don't close it. We don't care whether you care about EPEL. The maintainer should care about it. If you're the maintainer of the EPEL version, then I'd suggest we have a problem and maybe someone who _does_ care should take care of it (since it is shipped and, presumably, supported in EPEL5). Also, instead of making some rude comments, you could have pointed to the fixed packages: https://admin.fedoraproject.org/updates/FEDORA-2014-2421 (maradns-2.0.09-1.fc20) https://admin.fedoraproject.org/updates/FEDORA-2014-2439 (maradns-2.0.09-1.fc19, but this one is currently in testing, not stable) (In reply to Vincent Danen from comment #3) > We don't care whether you care about EPEL. The maintainer should care about > it. If you're the maintainer of the EPEL version, then I'd suggest we have > a problem and maybe someone who _does_ care should take care of it (since it > is shipped and, presumably, supported in EPEL5). Or have it removed if it's unmaintained: https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life#EPEL |