On Thu, Aug 4, 2011 at 5:13 AM, Henri Salo wrote: > Could issue TEMP-0000000-0999A8[1] be the same as #457334[2] "CVE-2007-6437 > prone to denial of service attack"?
No, these do not appear to be the same issues. According to the changelog, TEMP-0000000-0999A8 was an issue in zero-length udp packets (and was applied in 2.0rc1-2), and CVE-2007-6437 fixed a whitespace issue (and was applied in 2.0.6-1). I don't consider changelog parsing sufficient, but I also simply don't have time to dig further than this on this particular issue. If someone else did have the time and interest, the diffs for those versions should greatly clarify the particular problems solved therein. Best wishes, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CANTw=mmfg8dnnwbn01e0j7ck7mrhfaohhp5+2qs6x6yw69n...@mail.gmail.com
