Re: [Libguestfs] [NBDKIT SECURITY] Denial of Service / Amplification Attack in nbdkit

On 9/12/19 12:41 PM, Richard W.M. Jones wrote: > We have discovered a potential Denial of Service / Amplification Attack > in nbdkit. Unfortunately, our fix for this issue cause another potential Denial of Service attack: > > Lifecycle > --------- > > Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12 > > There is no CVE number assigned for this issue yet, but the bug is > being categorized and processed by Red Hat's security team which may > result in a CVE being published later. > Reported: 2019-09-18 Fixed: 2019-09-19 Published: 2019-09-20 Also pending Red Hat security review for whether this deserves a CVE (presumably either both issues, or neither, will have a CVE)