Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Feb 2013 20:08:44 -0500 (EST)
From: cve-assign@...re.org
To: nadhem.alfardan.2009@...l.ac.uk, kenny.paterson@...l.ac.uk,
        bugs@...tls.org, security@...illa.org, maintainer@...arssl.org,
        p.j.bakker@...spark.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are interested in the CVE name assignments for the recent TLS
and DTLS disclosure at http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
please see:

  http://openwall.com/lists/oss-security/2013/02/05/24

This references:

  Mozilla Network Security Services (NSS)  CVE-2013-1620
  GnuTLS                                   CVE-2013-1619
  PolarSSL                                 three CVEs (see below)

    PolarSSL - TLS and DTLS protocol issue:      CVE-2013-0169
    PolarSSL - out-of-bounds comparisons:        CVE-2013-1621
    PolarSSL - lack of MAC check in some cases:  CVE-2013-1622

and other products.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)

iQEcBAEBAgAGBQJREanXAAoJEGvefgSNfHMdRSkH/jDVd3wagUKNvjO2mTVo1Jdy
MYvKStezZTgVDMw4f5zLJcEM7Cm/74tvbst/DdIgHiMI188z9v1CZ5XgBCft3LSm
DninOatvTcB/8CHhJ80q4vRH7EqiAVVWdq+SAPSU0v+e43rxIE1S1z+axOkG4xpt
O6vxiXeaD9jZcNJx93nbBVceC6fphmq7Oz/eWdcYMf/BKsADxinxpTpLX/8U9vJH
cdBAG4I5PUAgnWbHj/Fk/oeVKjYGLmiejMO9WU+/5NpxILUJP2hHz4Fqz8qR4Ovq
eME40QIIfaumyJ1puY5jJ0jTmbxMkPT7irmZ/YlHnLB5s9CfwJEec0tfkCZcBgM=
=2FcO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ