top | item 46144812

(no title)

guerby | 2 months ago

Looking at the CVE history, first "LTS" release 3.0.0 was quickly replaced by 3.0.1

"CVE-2025-40779: Kea crash upon interaction between specific client options and subnet selection"

unprotected null pointer use, kea is in C++

discuss

bayindirh|2 months ago

Shall we call Rust Evangelism Task Force and Rewrite in Rust in 3 femtoseconds?

vpShane|2 months ago

Actually, yes, that'd be great!

All software from ISC was/is littered with security vulnerabilities. BIND is in the same hall of shame as Sendmail.