forwarded 778367 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243 tags 778367 + moreinfo thanks
Hi, Michael Gilbert wrote: > Note that the versions mentioned in the advisory are really old > (freebsd 5.4), but unfortunately there aren't enough details yet to > actually check. There are barely any details at all: http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000134.html It is an "issue in the handling of the TCP session timer, which may lead to a denial-of-service". "When a sepcially crafted packet from a malicious server is received, a condition where client resources are not released may occur". https://jvn.jp/en/jp/JVN07930208/index.html "This JVN publication was delayed to 2014/11/21 after developer fixes were developed"; only a few proprietary systems are mentioned as 'not vulnerable'. On the day of publication, the FreeBSD bug was opened by a third party with still no additional details. It doesn't seem that JVN notified OpenBSD either. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150214122404.ga2...@squeeze.pyro.eu.org
