oss-sec mailing list archives

Re: Being vulnerable to POODLE


From: gremlin () gremlin ru
Date: Sat, 26 Dec 2015 13:41:43 +0300

On 2015-12-26 07:28:52 +0000, Sevan Janiyan wrote:

> Hi, If you have a piece of software which is vulnerable to POODLE,
> should a CVE be requested for it or should CVE-2014-3566 just be
> referenced in any advisories published?

The POODLE is an OpenSSL vulnerability, so referencing CVE-2014-3566
should be enough.

> It turns out that CoovaChilli is vulnerable to POODLE & I'd
> like to follow the correct procedure regarding disclosure. There's
> a fix pending due to needing further testing at which point an
> advisory will be published with the necessary details.

Does the update of OpenSSL eliminate this vulnerability?


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8

