Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 08 May 2014 14:15:20 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org
Subject: Re: Re: CVE Request: OpenSSL NULL pointer dereference
 in do_ssl3_write

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just to confirm what Mitre said, also in general the only time I will
be assigning CVE's on oss-security in the future is for anything time
sensitive, the main reason I did CVE-2014-0198 was also due to the
potential for a blow up (since you know, the week before we'd had a
full on OpenSSL fire drill). One thing  I will ensure in future is to
CC cve-assign@ to minimize the chanc of a duplicate.

Also as usual if you want to make a private request information on how
to do so is available here:

http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTa+XYAAoJEBYNRVNeJnmTH+wQAL3BStUXwH7NJK3VZJ8oD1Dn
vHOLjYE94iz+5EfqDDddkVQDIKIJIc4wipr0qRStYExcLWIknZaPDFGHMTeJ8Uhi
WnsP/EFPbtmvgejz6ShNI61TdGAoKLzqirG1dvETgW4pIh16y+5wLcqY9YvA8LEj
5AODKOrDaHcRzrHIkLzlw1h+UBbHeoZn4FflL9HpAPpj+VUuKBrS939ZkAKN9pP2
KkPPWoAlwjhNp5cv18++Uuon+Tq6NGCHUFmBeldSKOkzmngY6Ye9ZWzRwNPfNo4x
fC3FL80X+foM4BEhAzzFh/jagSQRRNZRkAnFZpFrQpnihMaMISFkhBLl8jwyeOHB
XAnL+gvaI77D00MVspeE62ePz9kbLfWlKstsBl250Um7qivTcOMhjTiT+3F33kMV
qRp5vK2yfx8goakVEgJIAjgh0mGhZYC2k1Mvj/MFF5kxC7nk4mtaxagqMD1GG+Vh
1Ztd+ERZJ09jJ40gkhuW3uutvimy2TDvXmOBp9goYK3j+cOR9eMQeXs6KtN+Es1m
mrbcwBtgcqRd0ZAsGMTHBhBTZQs5wiguQBBF5aIqobl2zL3nSos3iCKs0U+4uQ1q
VbOzuORuZUTYuU8Sp0/+7Hr3ZdyoT3ljZSbbtWzx0dRxfGTuMtc4uQyKOM17QZ4N
6XPFH79m5O5eFmebl4el
=OJo4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ