Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Jul 2014 21:01:27 +0100
From: Stuart Henderson <stu@...cehopper.org>
To: oss-security@...ts.openwall.com
Cc: hanno@...eck.de, cve-assign@...re.org
Subject: Re: Re: CVE request: libressl before 2.0.2 under
 linux PRNG failure

> > https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
> 
> > forking a process can create repeated random numbers
> 
> > Please assign CVE.
> 
> The existence of a popular blog post discussing a number of
> interrelated LibreSSL and OpenSSL issues doesn't mean that we have a
> good way to proceed by assigning a single CVE ID.

I see a number of web pages relating to this issue are mentioning that
it has already been assigned CVE-2014-2970, can anyone throw light on this?

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ