Date: Mon, 14 Dec 2015 13:44:43 +0300 From: Lucid Lynx <luc.lynx@...dex.ru> To: oss-security@...ts.openwall.com Subject: CVE Request: two issues in bee2 crypto library Hello! I found two issues in the 2015.10.29 version of bee2 crypto library that can be found at https://github.com/agievich/bee2. The library implements cryptographic algorithms standardized in Belarus and it is maintained by Belarussian State University. The first iisue is possible leakage of sensitive data, the report can be found at https://github.com/agievich/bee2/issues/5 Another one is memory leak that can lead to DoS, the report can be found at https://github.com/agievich/bee2/issues/6 The both vulnerabilities were reported to maintainers and were fixed several days ago. Please assign CVE IDs for these bugs if you think they are worth it in this case (right now the library is'n very popular though it can be used in some proprietary software). -- LL
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ