On Fri, Jan 23, 2009 at 11:52 PM, Brad Nicholes <bnicho...@novell.com> wrote:

>>>  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0242
>>>
>>> "Ganglia 3.1.1 allows remote attackers to cause a denial of service via
>>> a request to the gmetad service with a path does not exist, which causes
>>> Ganglia to (1) perform excessive CPU computation and (2) send the entire
>>> tree, which consumes network bandwidth."
>>
>> this one is IMHO invalid as the CPU and bandwidth costs for this in the
>> current code are constant and the wording quoted was most likely taken
>> out of context as it referred originally to a contribution proposal
>> which has not yet been committed.
>>

agreed, all the advisories I've seen around have misquoted my original
report and missed the link to the feature proposal. As it stands this
CVE is invalid.

>
> Are we finished hashing this whole patch out yet?  Are we ready to apply the 
> current patch to 3.1.2 and release or is there still more discussion going on?

as far as I'm concerned #223 is resolved and good to go.

thanks everybody.

-- 
"Behind every great man there's a great backpack" - B.

_______________________________________________
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers
