oss-sec mailing list archives
Re: CVE request: openssl timing attack
From: Solar Designer <solar () openwall com>
Date: Sun, 5 Jun 2011 00:03:13 +0400
On Sat, Jun 04, 2011 at 02:53:29PM -0400, Michael Gilbert wrote:
As a practical matter, you could follow the Debian secure-testing-commits mailing list [0] or check out the svn repo [1]. Updates to Mitre's CVE database are synced there twice a day.
This is very nice, thanks. Many of the commits have Debian-specific info, though, which would be a bit distracting, and the Subjects are not specific (just "data/CVE" or "data/DSA"), yet this may be helpful. I downloaded http://lists.alioth.debian.org/pipermail/secure-testing-commits/2011-May.txt.gz and grepped it for SSL (case-insensitive). Didn't find the OpenSSL issue that started this thread. This is not surprising: apparently, the issue did not receive a CVE ID in May, even though CERT published a Vulnerability Note on it.
[0]http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits [1]svn://svn.debian.org/svn/secure-testing
Perhaps add these to http://oss-security.openwall.org/wiki/distro-patches#debian ? And, while you're at it, fix the many broken links currently in the Debian section there (I counted at least three broken links). Thanks, Alexander
Current thread:
- CVE request: openssl timing attack Thomas Biege (May 31)
- Re: CVE request: openssl timing attack Josh Bressers (May 31)
- Re: CVE request: openssl timing attack Solar Designer (Jun 01)
- Re: CVE request: openssl timing attack Michael Gilbert (Jun 04)
- Re: CVE request: openssl timing attack Solar Designer (Jun 04)
- Re: CVE request: openssl timing attack Solar Designer (Jun 01)
- Re: CVE request: openssl timing attack Josh Bressers (May 31)