On Sun, Jan 11, 2009 at 05:18:35PM +0200, George Danchev wrote:
> Hello Wouter,
>
> I'm not quite familiar with your app internals, but it seems your fix makes no
> big difference between 0 and 1 return codes. You really want to use
> EVP_VerifyFinal as openssl guys did it [1], and provide th
Hello Wouter,
I'm not quite familiar with your app internals, but it seems your fix makes no
big difference between 0 and 1 return codes. You really want to use
EVP_VerifyFinal as openssl guys did it [1], and provide the above functioning
level with the all possible returns. Their doc suggests
Hi Moritz, hi security team,
On Thu, Jan 08, 2009 at 10:30:14PM +0100, Moritz Muehlenhoff wrote:
> CVE-2009-0049:
Yay. And 3.5.0 isn't even in source form anymore; I'm not even sure
whether they actually are going to publish source for that. *sigh*.
> Belgian eID middleware (eidlib) 2.6.0 and ea
Package: belpic
Severity: grave
Tags: security
Justification: user security hole
Hi Wouter,
CVE-2009-0049:
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the
return value from the OpenSSL EVP_VerifyFinal function, which allows remote
attackers to bypass validation of t