|
From: | Ludovic Courtès |
Subject: | Re: OpenSSL CVE-2016-2177, CVE-2016-2178 |
Date: | Sun, 12 Jun 2016 22:49:23 +0200 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Leo Famulari <address@hidden> skribis: > Some bugs in OpenSSL were recently disclosed. > > CVE-2016-2177 > http://seclists.org/oss-sec/2016/q2/500 > > CVE-2016-2178 > http://seclists.org/oss-sec/2016/q2/493 > > The second bug can apparently be used by an attacker to recover DSA > keys. And remember that OpenSSH uses OpenSSL, so it is affected too. > > Should we try cherry-picking the upstream commits from the OpenSSL > development repo? Sounds like it. Could you look into it? Thanks for the heads-up! Ludo’.
[Prev in Thread] | Current Thread | [Next in Thread] |