Message-Id: <1231767584.3228.13.camel@dhcp-lab-164.englab.brq.redhat.com>
Date: Mon, 12 Jan 2009 14:39:44 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto

Hello Steve,

could you please allocate CVE ids for the following OpenSSL's
CVE-2008-5077 related issues:

tsqllib: https://bugzilla.redhat.com/show_bug.cgi?id=479650
         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509

libnasl: https://bugzilla.redhat.com/show_bug.cgi?id=479655
         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517

boinc-client: https://bugzilla.redhat.com/show_bug.cgi?id=479664
              http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521

m2crypto: https://bugzilla.redhat.com/show_bug.cgi?id=479676
          http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515

Other related issues (probably more to come):

slurm-llnl: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511

libcrypt-openssl-dsa-perl: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519

erlang: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520
  (Lower severity issue due to the fact that the output of the
  DSA_do_verify function is further processed and
  sent back to the caller, where it is compared against 1:

  From lib/crypto/src/crypto.erl:

  dss_verify(Dgst,Signature,Key) ->
      control(?DSS_VERIFY, [Dgst,Signature,Key]) == <<1>>.

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
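
Added example, not part of the original message and not code from any of the listed projects: a C model of the return-value check behind the CVE-2008-5077 class, showing why a caller that only treats 0 as failure differs from one that compares against 1 as in the crypto.erl lines quoted above. model_verify and its toy signature format are hypothetical stand-ins that only mirror the 1 / 0 / -1 return convention of DSA_do_verify.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a DSA_do_verify-style call (not OpenSSL code).
 * It mirrors the tri-state convention: 1 = valid, 0 = invalid, -1 = error.
 * Constructed toy signature format: [length byte][length bytes of tag]. */
static int model_verify(const unsigned char *sig, size_t sig_len,
                        const unsigned char *expected, size_t exp_len)
{
    if (sig_len < 1 || (size_t)sig[0] != sig_len - 1)
        return -1;                  /* malformed encoding: error path */
    if (sig[0] != exp_len || memcmp(sig + 1, expected, exp_len) != 0)
        return 0;                   /* well-formed but does not match */
    return 1;                       /* valid */
}

/* Flawed caller pattern: only 0 is treated as failure, so -1 is accepted. */
static int accept_loose(int rc)  { if (!rc) return 0; return 1; }

/* Strict caller pattern: accept only the single "valid" value. */
static int accept_strict(int rc) { return rc == 1; }

/* Constructed sample inputs. */
static const unsigned char EXPECTED[]  = { 0xAA, 0xBB, 0xCC };
static const unsigned char SIG_GOOD[]  = { 3, 0xAA, 0xBB, 0xCC };
static const unsigned char SIG_WRONG[] = { 3, 0xAA, 0xBB, 0x00 };
static const unsigned char SIG_MALF[]  = { 9, 0xAA };  /* length byte lies */

/* Returns 1 if the caller pattern would accept the signature, else 0. */
static int check(const unsigned char *sig, size_t n, int strict)
{
    int rc = model_verify(sig, n, EXPECTED, sizeof EXPECTED);
    return strict ? accept_strict(rc) : accept_loose(rc);
}

int main(void)
{
    printf("good:      loose=%d strict=%d\n",
           check(SIG_GOOD, sizeof SIG_GOOD, 0), check(SIG_GOOD, sizeof SIG_GOOD, 1));
    printf("wrong:     loose=%d strict=%d\n",
           check(SIG_WRONG, sizeof SIG_WRONG, 0), check(SIG_WRONG, sizeof SIG_WRONG, 1));
    printf("malformed: loose=%d strict=%d\n",
           check(SIG_MALF, sizeof SIG_MALF, 0), check(SIG_MALF, sizeof SIG_MALF, 1));
    return 0;
}
```

When auditing callers of verification functions with this convention, look for `!rc`, `rc != 0` or bare `if (rc)` tests and replace them with an explicit comparison against the success value.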