Date: Thu, 17 Apr 2014 14:13:11 +0200 From: Raphael Geissert <geissert@...ian.org> To: Open Source Security <oss-security@...ts.openwall.com>, cve-assign@...re.org Cc: ifsecure@...il.com, info@...fssl.com Subject: CVE ids for CyaSSL 2.9.4? Hi, [CC'ing Ivan Fratric and one of the many @wolfssl addresses I found] CyaSSL 2.9.4 fixes a number of security issues. >From : > Issue #1 (Memory Corruption) > Issue #2 (Out of bounds read) > Issue #3 (Dangerous Default Behavior, out of bounds read) > Issue #4 (NULL pointer dereference) > Issue #5 (Unknown Critical Certificate Extension Allowed) Have CVE ids been assigned already? if not, could they be assigned? Thanks in advance. References: http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html http://www.yassl.com/forums/topic539-cyassl-294-released.html http://www.yassl.com/yaSSL/Blog/Entries/2014/4/9_CyaSSL_2.9.4_Released.html http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ