Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 8 Dec 2020 20:01:14 +0100
From: yersinia <>
Subject: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE?

At this link, multiple security bugs of various kinds are highlighted in
very widespread basic cryptographic applications, which have then been
corrected. I haven't done a deep analysis on all of them but I haven't
found any associated CVEs of some of them. Do I have to assume that they
weren't all that important or that the process of reporting them was
missing? Thanks

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.