<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hey - Upstream Designate maintainer
      here.<br>
      <br>
      <meta http-equiv="content-type" content="text/html;
        charset=windows-1252">
      Icehouse - aka 2014.1 - is partially affected by CVE-2015-5695,
      failure to enforce recordset quotas. <br>
      <br>
      This was the less severe of the two CVEs, which we treated as a
      feature not implemented rather than a security issue initially.
      Additionally, the issue could only be exploited through the
      disabled by default + marked experimental V2 API.<br>
      <br>
      Regardless - The patch at [1] should be easy enough to re-work for
      Icehouse.<br>
      <br>
      Thanks,<br>
      Kiall<br>
      <br>
      [1]:
      <a class="moz-txt-link-freetext" href="https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch">https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch</a><br>
      <br>
      On 19/08/15 09:11, Moritz Muehlenhoff wrote:<br>
    </div>
    <blockquote
      cite="mid:20150819141100.15628.65061.reportbug@pisco.westfalen.local"
      type="cite">
      <pre wrap="">Source: designate
Severity: grave
Tags: security

Hi,
please see the thread starting here:
<a class="moz-txt-link-freetext" href="https://marc.info/?l=oss-security&m=143810184926097&w=2">https://marc.info/?l=oss-security&m=143810184926097&w=2</a>

Can you please check with upstream whether 2014.1 from jessie
is affected, if so we should fix it.

Cheers,
        Moritz


</pre>
    </blockquote>
    <br>
  </body>
</html>