Re: CVEs, Crypto and "vulnerabilities"

[Donald Stufft <donald () stufft io>]

I definitely think bad choices of algorithms, modes, and constructions should qualify. 

> On Mar 31, 2014, at 2:26 AM, Kurt Seifried <kseifried () redhat com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So the line in the sand is moving currently, I think this issue is
> another good example of something that may qualify for a CVE, or maybe
> not, depends where we draw the line.
>
> https://github.com/opencart/opencart/issues/1279
>
> So if someone has strong opinions either way please speak up.
>
> - -- 
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJTOQqkAAoJEBYNRVNeJnmTrNAP/3SI4itDSx80AewQ9TlgDqEG
> r9K8Zt+XfXrez3nyGmopiQ1vHfwqCB3fU5gjzzUyVgc18i0Wq7E0bBGhz+zdtpx5
> 5JsvC0zf4sWNr3yd12ZX+bU1uOHp2zjM+b3ZKqrrLV5pAk3c3Ut8DGwS4lg+nGzZ
> fyTsRACcZ6xoBfZVlCQgRuG88bdd2hRyQRlYQcXDrxrO7IjM3QMLA2TKrbyWMbd3
> KAtMcsPtYfG17X8L4nC8oykOuuNhYF+7M4aG8HOpHq9rTjK/M8Vobtsr/q2omlB6
> kfQ4d4yeP7wQWI8Y0vw5IqQOv6KLhFQUTXN88c/7/ZwqmAjDc4kpUeBuq/LBt6gV
> 3FsQQeVhWaVJt19XWhmtJkipqjARRB+JgBcaeat2FWXtyKrXD8OifesvzxT76f68
> /lGYJg3hBuYhdPTHTfK/X9s/5GfQudd13tgW1L3gCFrH6a2ihj7KAzRaefoGEZ1D
> lkjHXTxas4KFQplBuougpfhpa0lgUaTazvlWFfXFjcG0wWZOVcv5W4Ab1qBsJiNk
> OC5vX/dXQ0KYChaaOFfub+dTyHstHgkYr3hGqeAfOnUv8nozC1PMUeOc8FeSU97v
> Tu9p4NivDuIririkyFR9P5KFIeus6+WHwMxJdZ65wu9lyNfG/dLc5qBqLEAtjo9F
> WbaS0jWRgMKBrBEBjYyf
> =csSm
> -----END PGP SIGNATURE-----