Date: Thu, 12 Feb 2009 11:07:29 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: pycrypto A specific version wasn't listed and the new maintainer hasn't released any new versions, so I'm assuming the last version under the previous maintainer, which seems to be 2.0.1. Pinguar, sorry for the delay. - Steve ====================================================== Name: CVE-2009-0544 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544 Reference: MLIST:[oss-security] 20090207 CVE Request: pycrypto Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/07/1 Reference: CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b Reference: CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d Reference: XF:pycrypto-arc2module-bo(48617) Reference: URL:http://xforce.iss.net/xforce/xfdb/48617 Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ