Constantine Aleksandrovich Murenin wrote:
> So you confirm that using block scope in such scenario is the new best
> practice now?
I don't think it was ever not best practice; though whether people do it or
not is a separate matter.
On 27 October 2015 at 00:02, Ted Unangst wrote:
> Constantine Aleksandrovich Murenin wrote:
>> As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via
>> http://www.opennet.ru/43146), both of these errors were introduced as
>> part of the refactoring.
>>
>> Quick glance through
>> http:/
Constantine Aleksandrovich Murenin wrote:
> As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via
> http://www.opennet.ru/43146), both of these errors were introduced as
> part of the refactoring.
>
> Quick glance through
> http://bxr.su/o/lib/libssl/src/crypto/objects/obj_dat.c#OBJ_ob
As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via
http://www.opennet.ru/43146), both of these errors were introduced as
part of the refactoring.
Quick glance through
http://bxr.su/o/lib/libssl/src/crypto/objects/obj_dat.c#OBJ_obj2txt
indicates that the memory leak issue was introdu
André Schneider wrote:
> Hi,
>
> maybe i'm overlooking something, but in the rebuild and install
> instructions,
> shouldn't it say
>cd /usr/src/lib/libcrypto
> instead of
>cd src/lib/libcrypto
either or. maybe somebody has their src somewhere else.
On 2015/10/16 18:34, Артур Истомин wrote:
> On Thu, Oct 15, 2015 at 08:29:25PM -0400, Ted Unangst wrote:
> > The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
> > and memory leak, as reported by Qualys Security. This can be abused by an
> > attacker to cause a denial of servi
On Thu, Oct 15, 2015 at 08:29:25PM -0400, Ted Unangst wrote:
> The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
> and memory leak, as reported by Qualys Security. This can be abused by an
> attacker to cause a denial of service in some cases.
>
> Patches are now available f
Hi,
maybe i'm overlooking something, but in the rebuild and install
instructions,
shouldn't it say
cd /usr/src/lib/libcrypto
instead of
cd src/lib/libcrypto
Best,
André Schneider
Am 16.10.2015 02:29 schrieb Ted Unangst:
The OBJ_obj2txt function in libcrypto contains a one byte
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security. This can be abused by an
attacker to cause a denial of service in some cases.
Patches are now available for OpenBSD as well as new releases of LibreSSL
portable. 5.6, 5.7, and