Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Confirm CVE-2017-6519 #145
Hi, I am a current Security Recruit at Gentoo. (Rank: padawan | irc@ jmbailey)
I'm seeking to affirm a CVE on your product which does not appear to have a ticket here upstream.
Currently our repository contains 0.6.32, 0.6.32-r1, and 0.6.32-r2. (am aware of gentoo patches)
If you can point me to documentation on the matter or validate the bug's existence, it is appreciated.
Thanks for the report. I was not aware of this CVE, though had received a similar report on a Launchpad bug for Ubuntu that I was unable to duplicate (but I think I tried on IPv4 only in that case).
I'll check the issue further and update you. At a guess probably requires the unicast response bit to be set also.