Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Dec 2015 13:41:43 +0300
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: Being vulnerable to POODLE

On 2015-12-26 07:28:52 +0000, Sevan Janiyan wrote:

 > Hi, If you have a piece of software which is vulnerable to POODLE,
 > should a CVE be requested for it or should CVE-2014-3566 just be
 > referenced in any advisories published?

The POODLE is an OpenSSL vulnerability, so referencing CVE-2014-3566
should be enough.

 > It turns out that CoovaChilli is vulnerable to POODLE & I'd
 > like to follow the correct procedure regarding disclosure. There's
 > a fix pending due to needing further testing at which point an
 > advisory will be published with the necessary details.

Does the update of OpenSSL eliminate this vulnerability?


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ