Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Jul 2015 14:47:51 +0200
From: Adam Maris <>
Subject: CVE for crypto_get_random() from libsrtp


I've got question whether this bug 
( is 
CVE-worthy? Could it be classified as CWE-330: Use of Insufficiently 
Random Values?

According to the SRTP documentation 
it provides 80 bits of random data, which is quite a borderline.


Adam Maris / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ