Re: CVE Request: programming error in crypt(3)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/26/2012 03:36 PM, Xin Li wrote:
> Hi,
>
> I'd like to request a CVE number for a programming error in
> FreeBSD's crypt(3) implementation, which prevents it from
> generating a right hash from input in certain circumstances.
>
> We will publish the details in an upcoming advisory.
>
> Thanks in advance!
>
> Cheers,

If you want a CVE # with no info I'm going to have to decline as I
can't verify anything and have no idea if it's a duplicate/etc (did
FreeBSD assign one already perhaps?). Can you share the info with
security () freebsd org and then have them request it (at least then I
know it's legitimate) which might work.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPmeG/AAoJEBYNRVNeJnmTAIAP/2YPAUA99Xhykj197dmJaNar
wkPE/gdcgmKLhgAYIxZkuEVRkI8c2M0zlh4XLVSQeXFfJmDJwLwXt83X/ozRxzB0
+YiyMh1zOg84m6zIeLlykvLC+0kcAHsPjmEVdJp3V0UXphFoeBYudpRzOy27H0OO
WR1uzcb0+ivCtNcEzy/I1T77s/tD2DjI7hpYIVxfRjVUmeBkAMF09a/1A2/crshI
HBx+lVRlBJleaWMCW4HO3R40L1PqTOlBb1piZC8VlzfA+oRg58FOvghMjfAbD3Q6
eJtJLYn26zlI/GdAl50dCy90Ckh8j3vHxFDF+sRL2sCV8W1VHKm5r4AiE0nNnyTP
plNY1XEmP6Uli8SUN/Z+iZ4iiEW/Cr2suL6hYGY7DcaH0HK+C6OhQjIH8aLaO0WI
wXN0ofXkMhAz3zGNlQ9TmM/B51lIv28i3HcmZDYhoW7B5yOO1kGcW2NbfWcHujbG
vdBPgqxNtrJVrUJcvZfzz2NVO0N0a67chz5o44fiye/yGcmuSbkSLj5Qw4/iy1Kf
dSYG0qb76RNZ5PEBkkxNXPmLO+ZrgK/N+zZb6KYR8ul4YTDpx2IiF/xe4qIzvykG
yi4AEMKIEztSplr9mS6mJwCdDgOpFrp26lw3Cww3IyicMnr1In6z8goCfbj4pJQc
YG7BkJyhuk+lKVgvngHJ
=jiYm
-----END PGP SIGNATURE-----