Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 22 Dec 2015 14:50:51 -0800
From: Jessie Frazelle <jess@...ker.com>
To: oss-security@...ts.openwall.com, fweimer@...hat.com
Cc: cve-assign@...re.org
Subject: Re: Re: CVE request for math/big.Exp

do you plan on backporting the commit Florian mentioned as well?

On Tue, Dec 22, 2015 at 1:24 PM, Jason Buberel <jbuberel@...gle.com> wrote:

> The Go team plans to release Go 1.5.3 on Wednesday, January 13th to address
> this issue.
>
> On Tue, Dec 22, 2015 at 12:36 PM <cve-assign@...re.org> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > > The problem that was
> > > identified is similar to CVE-2015-3193
> >
> > >> math/big: fix carry propagation in Int.Exp Montgomery code
> > >> src/math/big/nat.go
> >
> > Use CVE-2015-8618.
> >
> > - --
> > CVE assignment team, MITRE CVE Numbering Authority
> > M/S M300
> > 202 Burlington Road, Bedford, MA 01730 USA
> > [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1
> >
> > iQIcBAEBCAAGBQJWebPbAAoJEL54rhJi8gl5LMsP/20/WzubhID16KKW84qnlMAo
> > F6w3/kPkfTTBr+42W3bNZYSCY0ieVwQsvTN6uz8GrMxJ6H/Vko3H17ltXZAx0nxP
> > Vc53H2QbAiyCaaUA6+vqAeosjBbBhvXNkw7Dj9utDu1hJ2rbBtf5ujddF48CxjoJ
> > +Fsrr7TYHX3Su/4r7MNtBtcMjOeWfD3xB+h++Lp5CL/z4tRKXBS02OM+tlVvdGvq
> > llQQ8dwGIYaJv8v3ZIIdXk1dzurws2B6gvF6uDeaseXtbFpMbRpXxgeFddLowjtZ
> > th9I7oxQUvFASrraIQrobaKPpEOfDJrMjhVzFHPtEFtTvrR71qYqq58NXaoflGV1
> > gEtSptbjm5sAwsjxOWhOVO+wA9JHA8upV2ZVxczdeFGlvyko2KBWdMorjEIWLQGI
> > x2DbkL2+hXlCJfZZUfNy0BjyGpZPGlmT7ZAYguxz6VTT/EC67gJ6pkiv5mZKOeBY
> > PHtH7UaYVBYwh6h5opdmvhkhTJ/a9lXhIez5s5HhX01P31DHmx6RLUMeTBikjwmz
> > IFOEulqQhAH0Qtp2XvPAMKeICXpEv7iWmoP8yNAYQ0SzS4awc7ZjK1mcRka1hcY5
> > Bc5nbQvbZGPag0QeyYPdKyYuNqugj6d3J81kIlcpNfjCT1lSVhxxwjQQzlpi0FCR
> > YJqwm2p3NhpjW57fGRux
> > =HP2t
> > -----END PGP SIGNATURE-----
> >
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ