From mboxrd@z Thu Jan 1 00:00:00 1970
X-Sympa-To: caml-list@inria.fr
Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105])
	by walapai.inria.fr (8.13.6/8.13.6) with ESMTP id q171ApAX006568
	for ; Tue, 7 Feb 2012 02:10:51 +0100
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AksBAOl4ME/RhLcckWdsb2JhbABDrR2CKSIBAQEBCQsLBxQGH4FyAQEBBG4KEQsYCRYPCQMCAQIBRQcMCAEBwH2LLgEEAgECAgkCAgEGBwMTAQgFAwMJAwEBBAIFAwkBAgGCcRkEAwwDFAVbg2kEiESMZJJ7
X-IronPort-AV: E=Sophos;i="4.73,373,1325458800"; d="scan'208";a="130343788"
Received: from mx1.redhat.com ([209.132.183.28])
	by mail4-smtp-sop.national.inria.fr with ESMTP; 07 Feb 2012 02:10:45 +0100
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q171AfxG013236
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 6 Feb 2012 20:10:41 -0500
Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id q171AeSC004047;
	Mon, 6 Feb 2012 20:10:40 -0500
Received: from seif-rht-f16.edm.seifried.org (ovpn-113-71.phx2.redhat.com [10.3.113.71])
	by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id q171AbEW031226;
	Mon, 6 Feb 2012 20:10:37 -0500
Message-ID: <4F3079F7.4040606@redhat.com>
Date: Mon, 06 Feb 2012 18:10:15 -0700
From: Kurt Seifried
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120131 Thunderbird/10.0
MIME-Version: 1.0
To: oss-security@lists.openwall.com, team@ocert.org, caml-list@inria.fr, gerd@gerd-stolpmann.de
References: <4F3078F1.8070105@redhat.com>
In-Reply-To: <4F3078F1.8070105@redhat.com>
X-Enigmail-Version: 1.3.5
OpenPGP: id=5E267993
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Validation-by: kseifried@redhat.com
Subject: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

On 02/06/2012 06:05 PM, Kurt Seifried wrote:
> So going through various things looks like Ocaml is vulnerable and has
> not had a CVE # assigned for this issue yet.
>
> Discussion of the issue takes place on the mailing list, here is a link
> for the originating thread:
>
>cc
>
> There doesn't appear to be a fix yet.
>
>

Please use CVE-2012-0839 for this issue.

-- 
Kurt Seifried
Red Hat Security Response Team (SRT)