Date: Fri, 18 Jul 2014 21:01:27 +0100 From: Stuart Henderson <stu@...cehopper.org> To: oss-security@...ts.openwall.com Cc: hanno@...eck.de, cve-assign@...re.org Subject: Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure > > https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux > > > forking a process can create repeated random numbers > > > Please assign CVE. > > The existence of a popular blog post discussing a number of > interrelated LibreSSL and OpenSSL issues doesn't mean that we have a > good way to proceed by assigning a single CVE ID. I see a number of web pages relating to this issue are mentioning that it has already been assigned CVE-2014-2970, can anyone throw light on this?
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ