On Mon, Oct 05, 2015 at 12:38:50AM +0200, Jason A. Donenfeld wrote:
> Hi folks,
>
> I'm passing the gauntlet for anyone who wants to analyze this for
> impact etc. There's a remotely triggerable buffer overflow in
> OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachab

> On 05 Oct 2015, at 00:38, Jason A. Donenfeld wrote:
>
> At some point we might want a CVE for this.
>
Please, next time you publish such a security issue -- give developers a chance
to provide patches, *before* going public. Think of the production servers which
run

On Mon, Oct 05, 2015 at 10:38:34AM +0200, Joerg Jung wrote:
>
> > On 05 Oct 2015, at 00:38, Jason A. Donenfeld wrote:
> >
> > At some point we might want a CVE for this.
> >
>
> Please, next time you publish such a security issue -- give developers a chance
> to provide

Hi folks,
I'm passing the gauntlet for anyone who wants to analyze this for
impact etc. There's a remotely triggerable buffer overflow in
OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachable by
sending messages with huge header lines. Qualys recently published a
result of a big audit