Hello there, I have just become aware of this bug. Right now, I can reproduce the crash in Cygwin 64-bit, but am unable to reproduce the crash in my 32-bit CentOS6 development environment where I would actually be able to get a full stack trace (which was not provided in the original bug report). Until I can get a setup to reproduce the crashes in a manner which lets me have full stack traces, I will not be able to make the appropriate patches to fix the bug.
There is no money on the table, and I have stopped actively developing MaraDNS every since becoming a single parent with a full-time job. Welcome to the world of open source economics: Since I’m not getting paid for my time writing open-source software, I have very little time to devote to MaraDNS. I will open up a GitHub bug so that users know I am aware of the bug. I do not have a time frame for fixing the issue at this time. Hopefully by the end of the year. -- Sam On Sat, Nov 12, 2016 at 10:18 AM, Luciano Bello <luci...@debian.org> wrote: > Source: maradns > Severity: grave > Version: 2.0.13-1.2 > Tags: security upstream > > Hi, > > The following vulnerability was published for MaraDNS: > http://seclists.org/oss-sec/2016/q4/411 > > No CVE is was assigned yet, but the request was made in that thread. > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry, if it > is > assigned soon. > > Please adjust the affected versions in the BTS as needed. > > Regards,luciano > >
