Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure
From: Stuart Henderson <stu () spacehopper org>
Date: Fri, 18 Jul 2014 21:01:27 +0100


forking a process can create repeated random numbers

Please assign CVE.

The existence of a popular blog post discussing a number of
interrelated LibreSSL and OpenSSL issues doesn't mean that we have a
good way to proceed by assigning a single CVE ID.

I see a number of web pages relating to this issue are mentioning that
it has already been assigned CVE-2014-2970, can anyone throw light on this?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]