Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Mar 2012 17:13:20 +0100
From: Marcus Meissner <>
To: OSS Security List <>
Subject: openssl security issue or not? (CVE Request?)

Hi folks, Ivan,

This patch:
fixes a decrypt error return values and according to the changelog
"detects symmetric crypto errors" 

I am not sure if this counts as security issue in the end, but "not
detecting a failed decrypt" seems to me like it is a security issue.

Any comments?

Ciao, Marcus
(also )

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.