--- Begin Message ---
Hi, CVE-2020-8037 causes a big amount of memory to be allocated (then freed),
it does not cause an attack.
I'm sorry that I haven't managed to succeed in doing the right CVE.json dance
to get the mitre data updated.
Bill Fenner via tcpdump-workers <tcpdump-workers@lists.tcpdump.org> wrote:
> I realize that http://www.tcpdump.org/security.html says there is no
> commitment from the tcpdump group to release security fixes on any
> timeframe whatsoever. However, is there a way for someone who ships
> tcpdump with their product to be made aware of unreleased security
> fixes, or should we rely on Red Hat and others for that?
I can strive to do better.
I think that you are on the security@ list, and I think that this did go
through that list at the time.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers