oss-sec mailing list archives
CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 12 Jan 2009 14:39:44 +0100
Hello Steve,

could you please allocate CVE ids for the following
OpenSSL's CVE-2008-5077 related issues:

tsqllib:
https://bugzilla.redhat.com/show_bug.cgi?id=479650
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509

libnasl:
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517

boinc-client:
https://bugzilla.redhat.com/show_bug.cgi?id=479664
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521

m2crypto:
https://bugzilla.redhat.com/show_bug.cgi?id=479676
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515

Other related issues (probably more to come):

slurm-llnl:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511

libcrypt-openssl-dsa-perl:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519

erlang:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520
(Lower severity issue due to the fact that the output of the DSA_do_verify
function is further processed and sent back to the caller, where it is
compared against 1:

From lib/crypto/src/crypto.erl:

    dss_verify(Dgst,Signature,Key) ->
        control(?DSS_VERIFY, [Dgst,Signature,Key]) == <<1>>.

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
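
Added example, not part of the original message and not code from any of the listed packages: OpenSSL's DSA_do_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a caller that treats any non-zero result as success accepts the error case, while a comparison against 1 (as in the crypto.erl line quoted above) does not. stub_do_verify and the three caller functions are hypothetical names; the stub stands in for the library call so the example builds without libcrypto.

```c
#include <stdio.h>

/* Return convention of OpenSSL's DSA_do_verify():
 *   1 = signature valid, 0 = signature invalid, -1 = error. */
enum { VERIFY_ERROR = -1, VERIFY_BAD = 0, VERIFY_OK = 1 };

/* Hypothetical stand-in for the library call (assumption: not OpenSSL code),
 * so the example builds without libcrypto. It returns the outcome it is given. */
int stub_do_verify(int outcome) { return outcome; }

/* Flawed caller: only 0 counts as failure, so an error (-1) is accepted. */
int accept_if_nonzero(int outcome)
{
    if (!stub_do_verify(outcome))
        return 0;
    return 1;
}

/* Strict caller: accepts only an explicit 1, the same comparison the
 * quoted crypto.erl line makes with "== <<1>>". */
int accept_if_one(int outcome)
{
    return stub_do_verify(outcome) == 1;
}

/* Strict caller that also keeps "error" apart from "bad signature",
 * which is useful for logging: 1 accept, 0 bad signature, -1 error. */
int classify(int outcome)
{
    int rc = stub_do_verify(outcome);
    if (rc == 1) return VERIFY_OK;
    return rc == 0 ? VERIFY_BAD : VERIFY_ERROR;
}

int main(void)
{
    /* Constructed inputs: the three results the library can report. */
    const int outcomes[] = { VERIFY_OK, VERIFY_BAD, VERIFY_ERROR };
    for (int i = 0; i < 3; i++)
        printf("rc=%2d  nonzero-check=%d  strict-check=%d  class=%2d\n",
               outcomes[i], accept_if_nonzero(outcomes[i]),
               accept_if_one(outcomes[i]), classify(outcomes[i]));
    return 0;
}
```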