Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Confirm CVE-2017-6519 #145

FIOpwK opened this issue Sep 3, 2017 · 4 comments


None yet
3 participants
Copy link

commented Sep 3, 2017

Hi, I am a current Security Recruit at Gentoo. (Rank: padawan | irc@ jmbailey)

I'm seeking to affirm a CVE on your product which does not appear to have a ticket here upstream.


Currently our repository contains 0.6.32, 0.6.32-r1, and 0.6.32-r2. (am aware of gentoo patches)

If you can point me to documentation on the matter or validate the bug's existence, it is appreciated.

Thank you!

Gentoo Security Padawan


This comment has been minimized.

Copy link

commented Sep 4, 2017

Thanks for the report. I was not aware of this CVE, though had received a similar report on a Launchpad bug for Ubuntu that I was unable to duplicate (but I think I tried on IPv4 only in that case).

I'll check the issue further and update you. At a guess probably requires the unicast response bit to be set also.


This comment has been minimized.

Copy link

commented Sep 14, 2017

Any update on the issue?


This comment has been minimized.

Copy link

commented May 7, 2018

Ping, any update on this?


This comment has been minimized.

Copy link

commented Oct 13, 2018

@lathiat can you address this CVE?

@lathiat lathiat closed this in e111def Dec 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.