Date: Mon, 12 Jan 2009 14:39:44 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- tsqllib, slurm-llnl, libnasl,
	libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto

Hello Steve,

  could you please allocate CVE ids for the following issues related to
OpenSSL's CVE-2008-5077:

tsqllib:  https://bugzilla.redhat.com/show_bug.cgi?id=479650
          http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509

libnasl: https://bugzilla.redhat.com/show_bug.cgi?id=479655
         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517

boinc-client: https://bugzilla.redhat.com/show_bug.cgi?id=479664
              http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521

m2crypto: https://bugzilla.redhat.com/show_bug.cgi?id=479676
          http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515

Other related issues (probably more to come):
slurm-llnl:                 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511
libcrypt-openssl-dsa-perl:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519
erlang:                     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520
                            (Lower severity issue due to the fact that the output of
                             the DSA_do_verify function is further processed and
                             sent back to the caller, where it is compared against 1:

From lib/crypto/src/crypto.erl:

dss_verify(Dgst,Signature,Key) ->
    control(?DSS_VERIFY, [Dgst,Signature,Key]) == <<1>>.

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
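
Added example (not part of the original message and not code from any of the listed projects): the return-value handling behind these reports, with a flawed caller, a strict caller, and a forwarding caller modelled on the crypto.erl line quoted above. toy_verify, the accept_* helpers and the sample byte strings are hypothetical and constructed; the 1/0/-1 convention is OpenSSL's, and passing the result on as a single byte is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in (hypothetical, no real cryptography) with the return
 * convention of an OpenSSL verify call such as DSA_do_verify:
 * 1 = valid, 0 = invalid, -1 = error (here: blob fails to parse). */
static const unsigned char EXPECTED[] = { 0xAA, 0xBB };

static int toy_verify(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                          /* malformed encoding */
    if (len - 2 != sizeof EXPECTED || memcmp(sig + 2, EXPECTED, len - 2) != 0)
        return 0;                           /* well-formed, wrong value */
    return 1;
}

/* Flawed caller: any nonzero result counts as success, so -1 passes. */
static int accept_flawed(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) ? 1 : 0;
}

/* Strict caller: anything other than exactly 1 is a rejection. */
static int accept_strict(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) == 1;
}

/* Forwarding caller, modelled on the crypto.erl line quoted above: the
 * result is passed on as one byte (assumption) and compared with 1. */
static int accept_forwarded(const unsigned char *sig, size_t len)
{
    unsigned char reply = (unsigned char)toy_verify(sig, len); /* -1 -> 0xFF */
    return reply == 1;
}

static const unsigned char GOOD[]      = { 0x30, 0x02, 0xAA, 0xBB }; /* constructed */
static const unsigned char WRONG[]     = { 0x30, 0x02, 0xAA, 0xCC }; /* constructed */
static const unsigned char MALFORMED[] = { 0x31, 0x02, 0xAA, 0xBB }; /* constructed */

int main(void)
{
    const unsigned char *in[] = { GOOD, WRONG, MALFORMED };
    const char *name[] = { "good", "wrong", "malformed" };
    for (int i = 0; i < 3; i++)             /* every sample is 4 bytes long */
        printf("%-9s flawed=%d strict=%d forwarded=%d\n", name[i],
               accept_flawed(in[i], 4), accept_strict(in[i], 4),
               accept_forwarded(in[i], 4));
    return 0;
}
```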
