<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hey - Upstream Designate maintainer
here.<br>
<br>
Icehouse - aka 2014.1 - is partially affected by CVE-2015-5695,
failure to enforce recordset quotas. <br>
<br>
This was the less severe of the two CVEs, which we treated as a
feature not implemented rather than a security issue initially.
Additionally, the issue could only be exploited through the
disabled by default + marked experimental V2 API.<br>
<br>
Regardless - The patch at [1] should be easy enough to re-work for
Icehouse.<br>
<br>
Thanks,<br>
Kiall<br>
<br>
[1]:
<a class="moz-txt-link-freetext" href="https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch">https://launchpadlibrarian.net/211525408/bug-1471161-quotas-kilo.patch</a><br>
<br>
On 19/08/15 09:11, Moritz Muehlenhoff wrote:<br>
</div>
<blockquote
cite="mid:20150819141100.15628.65061.reportbug@pisco.westfalen.local"
type="cite">
<pre wrap="">Source: designate
Severity: grave
Tags: security
Hi,
please see the thread starting here:
<a class="moz-txt-link-freetext" href="https://marc.info/?l=oss-security&m=143810184926097&w=2">https://marc.info/?l=oss-security&m=143810184926097&w=2</a>
Can you please check with upstream whether 2014.1 from jessie
is affected, if so we should fix it.
Cheers,
Moritz
</pre>
</blockquote>
<br>
</body>
</html>