oss-sec mailing list archives
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
From: cve-assign () mitre org
Date: Thu, 7 Feb 2013 14:33:33 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Can you assign one more for matrixssl?
http://www.matrixssl.org/news.html
The short answer is that you should map that MatrixSSL changelog to CVE-2013-0169. Here's how MITRE is currently looking at the set of issues: CVE-2013-0169 is the identifier for the multi-vendor issue in the TLS and DTLS protocols discussed in the http://www.isg.rhul.ac.uk/tls/TLStiming.pdf paper. We anticipate that several more vendors will release changelogs, with various levels of detail, mapping to that paper: -- If the changelog simply reports a new release to address that paper's issue, MITRE will consider that changelog to be a CVE-2013-0169 reference. A new CVE will not be created for that single vendor or a single product. -- If the vendor states that it uses a codebase corresponding to one of the other http://openwall.com/lists/oss-security/2013/02/05/24 CVEs (aka side issues), then the changelog will become a reference for that CVE. -- If the vendor makes any other statement about a vulnerability fix for a side issue, a new CVE will be created for the new side issue. This approach should enable MITRE to provide reasonably consistent CVE abstraction without detailed study of each vendor's code. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJRFADmAAoJEGvefgSNfHMdC1AH/A2Fr8fg2pZP49U513DBwQhp 7zdffXlwA/FF5dv2D7Pl3UJeGOgWtmott9kvrpIh1tKKnGFoNgqvQwAsaEL9/1rd Smr1dJisFvy7qDjrZEM96EiOM/3+J90StXFE3cVn72KGGs03g/e3+sUI3D8dp7Z3 SxJTNLgiVCxDCld06f5CmMwinl2DUx/VkuNgbfHUg+NnNzhw3WmIj8NMT0Om+OxZ 0UDCbWZ3SgH3DrIH75l+W3wKma0KgyQD+M2voUuCqmlSENI1Hkc6LhSKjxVaHeo/ ALJ4bWrpYtAv5JpyWL5mEY6NXOVcc0nl3M4EDsI9CKqeR8gtb0rjyK/gLQ4lydE= =LRzJ -----END PGP SIGNATURE-----
Current thread:
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations, (continued)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Marcus Meissner (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Hanno Böck (Feb 07)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Kurt Seifried (Feb 07)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 07)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
- Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)