Date: Sat, 26 Dec 2015 13:41:43 +0300 From: gremlin@...mlin.ru To: oss-security@...ts.openwall.com Subject: Re: Being vulnerable to POODLE On 2015-12-26 07:28:52 +0000, Sevan Janiyan wrote: > Hi, If you have a piece of software which is vulnerable to POODLE, > should a CVE be requested for it or should CVE-2014-3566 just be > referenced in any advisories published? The POODLE is an OpenSSL vulnerability, so referencing CVE-2014-3566 should be enough. > It turns out that CoovaChilli is vulnerable to POODLE & I'd > like to follow the correct procedure regarding disclosure. There's > a fix pending due to needing further testing at which point an > advisory will be published with the necessary details. Does the update of OpenSSL eliminate this vulnerability? -- Alexey V. Vissarionov aka Gremlin from Kremlin GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ