|
Message-ID: <5294DCD9.8050000@redhat.com> Date: Tue, 26 Nov 2013 10:39:37 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: static IV used in Percona XtraBackup -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/26/2013 03:52 AM, Marcus Meissner wrote: > Hi, > > This came to our desk: > https://bugzilla.novell.com/show_bug.cgi?id=852224 > https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343 > > constant IV used in CTR Mode, allowing plaintext retrieval > attacks. > > I think it needs a CVE. > > Ciao, Marcus > Please use CVE-2013-6394 for this issue. P.S. has anyone considered packaging this for Fedora? looks nifty. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSlNzYAAoJEBYNRVNeJnmT91QP/1Mnd31z82+CKrLklfRidV/Y McdFlOm9AQJvUTKy5U8/7JroWx5wQpGBOVqp7KKB30m/PId+mzoVPF+0AwHhfleg CQ37UowmYx6izjSS+A3yHXFYdm7Bm46ulghnSF7slM+tEn9SiiP6IjGJLJfJStZ9 9KkCdUDepq67UmLA9ny10/Fhc+NBcAJj6VIPGzQPFyFlqw91RFLnnqpX+Sb7qCGj lIXikWYmmCtKtl6DzPPNgbcejMY9OJulacHQ8V8fngAIcHzuofkMRyv17zDvtreP MiUB7NeMpwzWZBqIv3WE+/kzmxubVf8pI50Y847bDwzMd1HhVv0RrigqGhg8reiG dIHGFk+LS60PTPHEFs7K7r2xAk+GOmHPOCpaZlQqDrNRqQ/Zxu9MDjockYN4+rS/ 4qJD9N8jeyDHhZmR2BnIIlZkjHzwYlDcAiAX06NB4mppVTTHadaWYTc6620NhG9F BzV3KIxyFnAVPD3aeXaWCtLqCaKmq3kAJHsTF2QkmlsVNNwcnMdIvMnbyyjn5oeY Dw1bZcmdRfchYavozkuM5898PH8+yzvXl/k60e/8zjgGIVbVIRYblznK+5bqPlpb GPoYGAmmy8knV2E/6YR7kFXdzVC8n/XYUL9h7HGNy74pLGEZLHlxlhM52fRPE9qs P6fxvlll8e/bfvZj2CDZ =b8Jv -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.