RSAREF2 buffer overflow?

To: tech-crypto%netbsd.org@localhost
Subject: RSAREF2 buffer overflow?
From: "Aaron J. Grier" <agrier%poofy.goof.com@localhost>
Date: Tue, 14 Dec 1999 13:15:51 -0800

apologies if this is the wrong list, but tech-security looks like it's
been dead for almost six months...

I know this doesn't apply to those outside the US [1], but the
NetBSD-specific section in the recent CERT advisory regarding buffer
overflows in RSAREF2 says basically "we advise recompiling things to not
use RSAREF2."  What about those of us who (for legal or other reasons)
don't have the option?

should I send-pr this?

[1] or even those inside the US who could care less about a certain
    software patent...

-- 
  Aaron J. Grier  | "Not your ordinary poofy goof." | 
agrier%poofy.goof.com@localhost
   "I really admire your perverse mastery of the SPARC branch delay slot,
      Dave.  Or is it your mastery of the perverse branch delay slot?"
                  -- Joe Martin to Dave S. Miller on linux-kernel

Follow-Ups:
- Re: RSAREF2 buffer overflow?
  - From: Bill Sommerfeld
- Re: RSAREF2 buffer overflow?
  - From: Bill Sommerfeld

Prev by Date: Re: crypto-us and crypto-intl status
Next by Date: Re: RSAREF2 buffer overflow?
Previous by Thread: crypto-us and crypto-intl status
Next by Thread: Re: RSAREF2 buffer overflow?
Indexes:

Home | Main Index | Thread Index | Old Index