so you are giving credit to some pseudo 0days (corporate promotion), but you are not giving credit to some pseudo 0days - see quoted text.
is this on purpose?

On Thu, Sep 28, 2006 at 06:48:19PM +0200, Marcus Meissner wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> 1) Problem Description and Brief Discussion
>
> Several security problems were found and fixed in the OpenSSL
> cryptographic library.
>
> CVE-2006-3738/VU#547300:
> A Google security audit found a buffer overflow condition within the
> SSL_get_shared_ciphers() function which has been fixed.
>
> CVE-2006-4343/VU#386964:
> The above Google security audit also found that the OpenSSL SSLv2
> client code fails to properly check for NULL which could lead to a
> server program using openssl to crash.
>
> CVE-2006-2937:
> Fix mishandling of an error condition in parsing of certain invalid
> ASN1 structures, which could result in an infinite loop which consumes
> system memory.
>
> CVE-2006-2940:
> Certain types of public key can take disproportionate amounts of time
> to process. This could be used by an attacker in a denial of service
> attack to cause the remote side to spend an excessive amount of time
> in computation.
>
> 2) Solution or Work-Around
>
