Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 08 May 2014 14:15:20 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org
Subject: Re: Re: CVE Request: OpenSSL NULL pointer dereference
 in do_ssl3_write

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just to confirm what Mitre said, also in general the only time I will
be assigning CVE's on oss-security in the future is for anything time
sensitive, the main reason I did CVE-2014-0198 was also due to the
potential for a blow up (since you know, the week before we'd had a
full on OpenSSL fire drill). One thing  I will ensure in future is to
CC cve-assign@ to minimize the chanc of a duplicate.

Also as usual if you want to make a private request information on how
to do so is available here:

http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTa+XYAAoJEBYNRVNeJnmTH+wQAL3BStUXwH7NJK3VZJ8oD1Dn
vHOLjYE94iz+5EfqDDddkVQDIKIJIc4wipr0qRStYExcLWIknZaPDFGHMTeJ8Uhi
WnsP/EFPbtmvgejz6ShNI61TdGAoKLzqirG1dvETgW4pIh16y+5wLcqY9YvA8LEj
5AODKOrDaHcRzrHIkLzlw1h+UBbHeoZn4FflL9HpAPpj+VUuKBrS939ZkAKN9pP2
KkPPWoAlwjhNp5cv18++Uuon+Tq6NGCHUFmBeldSKOkzmngY6Ye9ZWzRwNPfNo4x
fC3FL80X+foM4BEhAzzFh/jagSQRRNZRkAnFZpFrQpnihMaMISFkhBLl8jwyeOHB
XAnL+gvaI77D00MVspeE62ePz9kbLfWlKstsBl250Um7qivTcOMhjTiT+3F33kMV
qRp5vK2yfx8goakVEgJIAjgh0mGhZYC2k1Mvj/MFF5kxC7nk4mtaxagqMD1GG+Vh
1Ztd+ERZJ09jJ40gkhuW3uutvimy2TDvXmOBp9goYK3j+cOR9eMQeXs6KtN+Es1m
mrbcwBtgcqRd0ZAsGMTHBhBTZQs5wiguQBBF5aIqobl2zL3nSos3iCKs0U+4uQ1q
VbOzuORuZUTYuU8Sp0/+7Hr3ZdyoT3ljZSbbtWzx0dRxfGTuMtc4uQyKOM17QZ4N
6XPFH79m5O5eFmebl4el
=OJo4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ