Ok so I took a look through and the bug is present in older versions of
OpenSSL but it seems as of 1.0.2g it has been fixed.
Thank you,
Vinny
On Mar 13, 2016 11:40 AM, "Sebastian Andrzej Siewior"
wrote:
> I tried to reproduce the bug and before that I looked at
> PEM_def_callback() / EVP_read_pw_
Last time I checked the bug was still present. I will check and let you know
if I still see it.
Thank you,
Vinny
On Mar 13, 2016 11:40 AM, "Sebastian Andrzej Siewior"
wrote:
> I tried to reproduce the bug and before that I looked at
> PEM_def_callback() / EVP_read_pw_string_min() where the input pas
I tried to reproduce the bug and before that I looked at
PEM_def_callback() / EVP_read_pw_string_min() where the input password
is read / checked for valid length. The limit is sometimes 1024 sometimes
larger but it never overwrites anything.
I tried various tests à la
openssl x509 -days 3650 -CA ca
On Sun, Mar 10, 2013 at 12:33:55PM -0400, vin Buccigrossi wrote:
> It has no CVE number but I will package up all of the file and everything
> we used in testing and send it over to you.
Hello Buccigrossi,
I'm still waiting for the examples and use cases (test files) for this OpenSSL
buffer over
Package: openssl
Version: 0.9.8o-4squeeze13
Severity: important
Tags: security
Description from email: http://seclists.org/bugtraq/2012/May/155
A buffer overflow vulnerability has been discovered within the OpenSSL command
line utility. The vulnerability is revealed within the signing of a
cert