oss-sec mailing list archives

openssl security issue or not? (CVE Request?)

From: Marcus Meissner <meissner () suse de>
Date: Fri, 23 Mar 2012 17:13:20 +0100

Hi folks, Ivan,

This patch:
http://cvs.openssl.org/chngview?cn=22161
fixes a decrypt error return values and according to the changelog
"detects symmetric crypto errors" 

I am not sure if this counts as security issue in the end, but "not
detecting a failed decrypt" seems to me like it is a security issue.

Any comments?

Ciao, Marcus
(also https://bugzilla.novell.com/show_bug.cgi?id=749210 )

Current thread:

openssl security issue or not? (CVE Request?) Marcus Meissner (Mar 23)
- Re: openssl security issue or not? (CVE Request?) Jan Lieskovsky (Mar 23)
- Re: openssl security issue or not? (CVE Request?) Ivan Nestlerode (Mar 23)
  - Re: Re: openssl security issue or not? (CVE Request?) Marcus Meissner (Mar 23)