oss-sec mailing list archives
CVE ids for CyaSSL 2.9.4?
From: Raphael Geissert <geissert () debian org>
Date: Thu, 17 Apr 2014 14:13:11 +0200
Hi, [CC'ing Ivan Fratric and one of the many @wolfssl addresses I found] CyaSSL 2.9.4 fixes a number of security issues.
From [3]: Issue #1 (Memory Corruption) Issue #2 (Out of bounds read) Issue #3 (Dangerous Default Behavior, out of bounds read) Issue #4 (NULL pointer dereference) Issue #5 (Unknown Critical Certificate Extension Allowed)
Have CVE ids been assigned already? if not, could they be assigned? Thanks in advance. References: [0]http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html [1]http://www.yassl.com/forums/topic539-cyassl-294-released.html [2]http://www.yassl.com/yaSSL/Blog/Entries/2014/4/9_CyaSSL_2.9.4_Released.html [3]http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE ids for CyaSSL 2.9.4? Raphael Geissert (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? Todd A Ouska (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? cve-assign (Apr 17)