Re: [openssl-users] Vulnerability Disclosures

2015-07-11 Thread Jeffrey Walton
I wanted to suggest that when notifying of new vulnerabilities, in addition to the severity level, information is also provided about how widespread the issue is expected to be. For example, the statement might say “this high severity bug is expected to affect around 70% of cases”, or for

Re: [openssl-users] Vulnerability Disclosures

2015-07-11 Thread Salz, Rich
I wanted to suggest that when notifying of new vulnerabilities, in addition to the severity level, information is also provided about how widespread the issue is expected to be. I'd be concerned about doing that. While this one seemed pretty rare -- only folks running a release less than

[openssl-users] FIPS mode entropy callback for rsa key

2015-07-11 Thread choliz
Hello, I currently have a FIPS module where I'm trying to add entropy to RSA key generation pair. I've overwritten the callbacks within my application but I'm not seeing them being executed when I generate an RSA key. When I call RSA_generate_key_ex shouldn't my entropy callback function be

Re: [openssl-users] beginner needs advice on data signature/verification

2015-07-11 Thread Michael Wojcik
In Marco's original description, the file is created by a trusted system and then transmitted to the client. Then, later, the client transmits it to the server, which verifies the contents. If the file is signed by the creating system, it doesn't matter if the client is compromised. A