[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 11:27:21 -0400 (EDT)
From: cve-assign@...re.org
To: sbauer@....utah.edu
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Use-after-free race condition,in OpenSSL's read buffer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> http://www.openbsd.org/errata55.html#004_openssl
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
> http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup
> http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
> https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
> https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
>
> (not yet available at
> http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/s3_pkt.c;hb=701134320a94908d8c0ac513741cab41e215a7b5
> line 1337)
Use CVE-2010-5298.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJTS/3RAAoJEKllVAevmvmsSDcH/0yHd90E4aJfKbtlsIBfOi8p
+XIdUtbWsYhFu97QjjubRkRO4KnRRmZJrygLcFN1XGJW80px8JZBqT1OW/vHSAwh
rHaBLqEjl8z5MU41rlqSwnzjA17kG3pPvltOu8kYqiBEKn32YSMwU4ZCIYpa6+Sb
LCiOM8iu5DX3VZrIjk4U/iStgOlxNs4i8Jv2xHy3oPSTspaO46LeeygTz6k9hlGr
qk1Aek9gxr+FNk7MJ1kHsct3IUFq67TIBSgc3H7k/ucwOxh1VxfxVxsHgrgj0+N5
4/8b3ZoLsNN1UY91KW/qcRJfCsC9XEI7NqDF/uTJKJX74DRBqMeOYG4YtAXECLs=
=mxUa
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
