Date: Fri, 18 Jul 2014 21:01:27 +0100 From: Stuart Henderson <stu@...cehopper.org> To: oss-security@...ts.openwall.com Cc: hanno@...eck.de, cve-assign@...re.org Subject: Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure > > https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux > > > forking a process can create repeated random numbers > > > Please assign CVE. > > The existence of a popular blog post discussing a number of > interrelated LibreSSL and OpenSSL issues doesn't mean that we have a > good way to proceed by assigning a single CVE ID. I see a number of web pages relating to this issue are mentioning that it has already been assigned CVE-2014-2970, can anyone throw light on this?
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.