Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 15 Oct 2016 12:50:46 -0400 (EDT)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
> 
> This wasn't
> really fixed, but only worked around by restricting the allowed size of
> the modulus. Not surprisingly it is still possible to find inputs that
> cause miscalculations

Use CVE-2016-8671.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYAltIAAoJEHb/MwWLVhi2zbEP/2dfjbYAydVRa5AoGGA7TPmb
xILs2/DjLQhrk9/jLLwQ64Is/c9JrGHTSt7repvMcitLMAhDgVrlH+6LFa7z7inx
WPx1eqz4hI84Rs8/56MlGSjXTjLEiTQm5curt42r8VnVy66P+kAYRYmgSn6viHti
dnWeyY1nHM0Bj7xbh2rDS+WGiMdyKbD58JE1M9c/x40ypA7PHeyiOaEQiI0kkV/g
GBV74nCAljX+4pznRutKPQTJr8gSo7KzBKCRMhZJUIMcIEWITHxZ4bhDSOvGE5ZV
jtKDs4ALgYOh04IcYXam+TsnpO0TWtUE6IcbmvnBsnzKOt92sypRNQg/7ieMzvuk
qqFPKi5yjR2jDkCi0AXpfciWEOFeJECbxoKS5Q8TIuToC/DbMndN57BuaSaL/g+6
sffL7qTjUdYtOjOLjGt/pAUjWCYu6mkoxiT+naD/oBU1UVQsBgBuYCQ4z99Joa7D
da22R9nUvL+khiic6nvQTCVMP2CqJji4TAoe6zbBTX7HxYGW53e7HvH0Lk7UAIF6
nHgbB+3uf6PetCTA7lPkc/UHdFhYoV8VtpLQA4KOu2fqkGByhb8HifJvYS6YMZCt
NH9CYar381eIYh5/w7+rzFLF0jTwxjKrbMrkcHPq3jvoBfRbHk+Fatbt1w6vv2Ww
0RWeF3ma0TjarX46TTMB
=PwKE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ