Re: [Libguestfs] [NBDKIT SECURITY] STARTTLS denial-of-service weakness

2021-08-19 Thread Eric Blake
On Wed, Aug 18, 2021 at 03:39:15PM -0500, Eric Blake wrote:
> We have discovered a potential Denial of Service Attack in nbdkit,
> when using opportunistic TLS.
>
> Fixes
> -
>
> This affects all nbdkit versions 1.12 through 1.26.4, as well as
> development versions through 1.27.5. A fix is

Re: [Libguestfs] [PATCH] docs: Link to protocol security considerations in uri docs

2021-08-19 Thread Wouter Verhelst
Hi Eric,
On Wed, Aug 18, 2021 at 11:02:48AM -0500, Eric Blake wrote:
> Dan Berrangé and I thought about some more potential future problems:
> right now, even with FORCEDTLS mode (in both client and server), we
> have NO way to validate that the initial NBD_FLAG_[C_] bits advertised
> between clie