On Fri, Nov 8, 2013 at 7:47 PM, coderman <[email protected]> wrote: > surprised not a peep about this one here yet,... hmmm > a fun one ;) > > we are accustomed to old software adding risk; > new (secondary effects of combined AUTH+ENC modes) > also carries risk!
Well know possibility, yes. In any case the problem is well know everywhere already https://security-tracker.debian.org/tracker/CVE-2013-4548 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4548 Best _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
