Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Sat, 07 Feb 2009 11:02:46 +0200
From: Pinar Yanardag <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: CVE Request: pycrypto

Hi,

There's a buffer overflow in pycrypto ARC2 module. Can you assign a CVE?

Test case: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d
Patch: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b

Cheers,

-- 
Pinar Yanardag
http://pinguar.org
_____________________________

Pardus Security Team
http://security.pardus.org.tr

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ