[gnutls-devel] [oss-security] CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations

cve-assign at mitre.org cve-assign at mitre.org
Wed Feb 6 02:08:44 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are interested in the CVE name assignments for the recent TLS
and DTLS disclosure at http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
please see:

  http://openwall.com/lists/oss-security/2013/02/05/24

This references:

  Mozilla Network Security Services (NSS)  CVE-2013-1620
  GnuTLS                                   CVE-2013-1619
  PolarSSL                                 three CVEs (see below)

    PolarSSL - TLS and DTLS protocol issue:      CVE-2013-0169
    PolarSSL - out-of-bounds comparisons:        CVE-2013-1621
    PolarSSL - lack of MAC check in some cases:  CVE-2013-1622

and other products.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)

iQEcBAEBAgAGBQJREanXAAoJEGvefgSNfHMdRSkH/jDVd3wagUKNvjO2mTVo1Jdy
MYvKStezZTgVDMw4f5zLJcEM7Cm/74tvbst/DdIgHiMI188z9v1CZ5XgBCft3LSm
DninOatvTcB/8CHhJ80q4vRH7EqiAVVWdq+SAPSU0v+e43rxIE1S1z+axOkG4xpt
O6vxiXeaD9jZcNJx93nbBVceC6fphmq7Oz/eWdcYMf/BKsADxinxpTpLX/8U9vJH
cdBAG4I5PUAgnWbHj/Fk/oeVKjYGLmiejMO9WU+/5NpxILUJP2hHz4Fqz8qR4Ovq
eME40QIIfaumyJ1puY5jJ0jTmbxMkPT7irmZ/YlHnLB5s9CfwJEec0tfkCZcBgM=
=2FcO
-----END PGP SIGNATURE-----



More information about the Gnutls-devel mailing list