oss-sec mailing list archives
Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure
From: Stuart Henderson <stu () spacehopper org>
Date: Fri, 18 Jul 2014 21:01:27 +0100
https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linuxforking a process can create repeated random numbersPlease assign CVE.The existence of a popular blog post discussing a number of interrelated LibreSSL and OpenSSL issues doesn't mean that we have a good way to proceed by assigning a single CVE ID.
I see a number of web pages relating to this issue are mentioning that it has already been assigned CVE-2014-2970, can anyone throw light on this?
Current thread:
- CVE request: libressl before 2.0.2 under linux PRNG failure Hanno Böck (Jul 16)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 30)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 31)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Aug 06)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)