Date: Mon, 12 Jan 2009 14:39:44 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto

Hello Steve,
could you please allocate CVE ids for the following OpenSSL's
CVE-2008-5077 related issues:
tsqllib: https://bugzilla.redhat.com/show_bug.cgi?id=479650
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509
libnasl: https://bugzilla.redhat.com/show_bug.cgi?id=479655
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517
boinc-client: https://bugzilla.redhat.com/show_bug.cgi?id=479664
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521
m2crypto: https://bugzilla.redhat.com/show_bug.cgi?id=479676
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515
Other related issues (probably more to come):
slurm-llnl: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511
libcrypt-openssl-dsa-perl: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519
erlang: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520
(Lower severity issue due to the fact that the output of the
DSA_do_verify function is further processed and
sent back to the caller, where it is compared against 1:
From lib/crypto/src/crypto.erl:
  dss_verify(Dgst,Signature,Key) ->
      control(?DSS_VERIFY, [Dgst,Signature,Key]) == <<1>>.
Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
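
Added example, not part of the original message and not code from any of the listed projects: the difference between a loose and a strict check of a verification result that can be 1 (valid), 0 (invalid) or -1 (error), which is the return convention of DSA_do_verify. verify_stub, accept_nonzero, accept_strict and the sample byte strings are hypothetical and constructed for illustration; no real cryptography is performed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs; not real DSA signatures. */
const unsigned char SIG_VALID[]     = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
const unsigned char SIG_WRONG[]     = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02 };
const unsigned char SIG_MALFORMED[] = { 0x30, 0x7f, 0x02, 0x01 };

/* Hypothetical stand-in with the DSA_do_verify() return convention:
 * 1 = valid signature, 0 = invalid signature, -1 = error. No real crypto. */
static int verify_stub(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                      /* cannot be parsed: error, not "invalid" */
    if (len == sizeof SIG_VALID && memcmp(sig, SIG_VALID, len) == 0)
        return 1;
    return 0;
}

/* Loose check: only 0 counts as failure, so the -1 error is accepted. */
int accept_nonzero(const unsigned char *sig, size_t len)
{
    return verify_stub(sig, len) != 0;
}

/* Strict check: only 1 counts as success, as in crypto.erl's `== <<1>>`. */
int accept_strict(const unsigned char *sig, size_t len)
{
    return verify_stub(sig, len) == 1;
}

int main(void)
{
    printf("input      loose strict\n");
    printf("valid      %d     %d\n", accept_nonzero(SIG_VALID, sizeof SIG_VALID),
           accept_strict(SIG_VALID, sizeof SIG_VALID));
    printf("wrong      %d     %d\n", accept_nonzero(SIG_WRONG, sizeof SIG_WRONG),
           accept_strict(SIG_WRONG, sizeof SIG_WRONG));
    printf("malformed  %d     %d\n", accept_nonzero(SIG_MALFORMED, sizeof SIG_MALFORMED),
           accept_strict(SIG_MALFORMED, sizeof SIG_MALFORMED));
    return 0;
}
```

When auditing callers, look for result checks written as `!ret` or `ret != 0`; `ret == 1` or `ret <= 0` as the failure test handles the error case.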