oss-sec mailing list archives

CVE ids for CyaSSL 2.9.4?

From: Raphael Geissert <geissert () debian org>
Date: Thu, 17 Apr 2014 14:13:11 +0200

Hi,

[CC'ing Ivan Fratric and one of the many @wolfssl addresses I found]

CyaSSL 2.9.4 fixes a number of security issues.

From [3]:
Issue #1 (Memory  Corruption)
Issue #2 (Out of bounds read)
Issue #3 (Dangerous Default Behavior, out of bounds read)
Issue #4 (NULL pointer dereference)
Issue #5 (Unknown Critical Certificate Extension Allowed)


Have CVE ids been assigned already? if not, could they be assigned?

Thanks in advance.

References:
[0]http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
[1]http://www.yassl.com/forums/topic539-cyassl-294-released.html
[2]http://www.yassl.com/yaSSL/Blog/Entries/2014/4/9_CyaSSL_2.9.4_Released.html
[3]http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Current thread:

CVE ids for CyaSSL 2.9.4? Raphael Geissert (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? Todd A Ouska (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? cve-assign (Apr 17)