Date: Sun, 19 Jun 2011 18:38:17 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Re: Multiple libraries privilege checking * Sebastian Krahmer: > The libraries that I had a quick look at and which were found > "vulnerable" are: > > - openssl-1.0.0c > - openldap-2.4.23 > - cyrus-sasl-2.1.23 > > which is probably far from complete. If someone wants to keep track, here's another one: NSS (the crypto library) has some questionable features controlled by environment variables.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ