Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

2014-05-09 Thread Kurt Roeckx
On Fri, May 09, 2014 at 03:32:25AM +0200, Wilfried Klaebe wrote: Kurt Roeckx wrote: I don't see how the severity of this is critical. The severity level critical is defined as: makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a

Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

2014-05-08 Thread Benny Baumann
Source: openssl Severity: critical Tags: security patch OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters that make unrelated software fail to establish secure connections. The problem was found while debugging an XMPP s2s connection issue where two servers

Bug#747453: [Pkg-openssl-devel] Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

2014-05-08 Thread Kurt Roeckx
severity 747453 normal thanks I don't see how the severity of this is critical. On Thu, May 08, 2014 at 11:23:04PM +0200, Benny Baumann wrote: Source: openssl Severity: critical Tags: security patch OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters

Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

2014-05-08 Thread Wilfried Klaebe
Kurt Roeckx wrote: I don't see how the severity of this is critical. The severity level critical is defined as: makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package.