Re: [bug-serveez] Serveez Information Leak Vulnerability

bug-serveez

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-serveez] Serveez Information Leak Vulnerability

From:	Austin James Gadient
Subject:	Re: [bug-serveez] Serveez Information Leak Vulnerability
Date:	Sat, 23 Nov 2019 00:30:36 +0000

Hi Raimund,

Just checking in. The CVE has been published here: 
https://nvd.nist.gov/vuln/detail/CVE-2019-16200.
Did the patch file work? Will you push the patch for the bug?

Thanks,
Austin

________________________________________
From: bug-serveez <bug-serveez-bounces+agadient=address@hidden> on behalf of 
Austin James Gadient <address@hidden>
Sent: Saturday, November 16, 2019 9:00 AM
To: Raimund 'Raimi' Jacob-Blödorn; address@hidden
Subject: Re: [bug-serveez] Serveez Information Leak Vulnerability

Hi Raimund,

Did that patch file work for you?

Thanks,
Austin
________________________________________
From: Austin James Gadient
Sent: Saturday, November 9, 2019 8:07 PM
To: Raimund 'Raimi' Jacob-Blödorn; address@hidden
Subject: Re: [bug-serveez] Serveez Information Leak Vulnerability

Hi Raimund,

Ah sorry about that and no problem!

I have attached a patch file that you should be able to apply from the 
serveez-0.2.2 directory.

Let me know if you have any issues and thank you for your time!

Best Regards,
Austin
________________________________________
From: Raimund 'Raimi' Jacob-Blödorn <address@hidden>
Sent: Saturday, November 9, 2019 10:58 AM
To: Austin James Gadient; address@hidden
Subject: Re: [bug-serveez] Serveez Information Leak Vulnerability

On 11/7/19 5:57 PM, Austin James Gadient wrote:

Hello Austin!

> Just following up. Have you had a chance to look at this?

Well, I cannot do much with your Mac OS compilation attempts.

I tried to diff your sources against the "next" branch of the serveez
git repository but could not identify any change of yours.

If I understand you correctly, it should be sufficient to make
http->contentlength an unsigned int (and/or have an arbitrary cap somwhere).

I am really sorry to have so little time to investigate. But if you send
mit a simple diff I'll do my best to apply it.

Greetings,

        Raimund


_______________________________________________
bug-serveez mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/bug-serveez

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient, 2019/11/03
- Re: [bug-serveez] Serveez Information Leak Vulnerability, Raimund 'Raimi' Jacob-Blödorn, 2019/11/04
  - Re: [bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient, 2019/11/04
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient, 2019/11/07
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Raimund 'Raimi' Jacob-Blödorn, 2019/11/09
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient, 2019/11/09
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient, 2019/11/16
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient <=
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Raimund 'Raimi' Jacob-Blödorn, 2019/11/23
    - Re: [bug-serveez] Serveez Information Leak Vulnerability, Austin James Gadient, 2019/11/23

Prev by Date: Re: [bug-serveez] Serveez Information Leak Vulnerability
Next by Date: Re: [bug-serveez] Serveez Information Leak Vulnerability
Previous by thread: Re: [bug-serveez] Serveez Information Leak Vulnerability
Next by thread: Re: [bug-serveez] Serveez Information Leak Vulnerability
Index(es):
- Date
- Thread