diff options
author | novel <novel@FreeBSD.org> | 2006-09-13 23:17:35 +0800 |
---|---|---|
committer | novel <novel@FreeBSD.org> | 2006-09-13 23:17:35 +0800 |
commit | a7068f5b506dd26746da2e413180e5348e3c9502 (patch) | |
tree | 5af866a5e7769ba8ac1b41fb13c8a60c5e71adfa /security | |
parent | 98e0f5914c80a0467a0d067cb4c76a5407b1d794 (diff) | |
download | freebsd-ports-gnome-a7068f5b506dd26746da2e413180e5348e3c9502.tar.gz freebsd-ports-gnome-a7068f5b506dd26746da2e413180e5348e3c9502.tar.zst freebsd-ports-gnome-a7068f5b506dd26746da2e413180e5348e3c9502.zip |
Style neats for the latest gnutls entry.
Reviewed by: remko
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bfb694333258..8b4834a86777 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -89,14 +89,15 @@ Note: Please add new entries to the beginning of this file. <p>Simon Josefsson reports:</p> <blockquote cite="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001203.html"> <p><code>_gnutls_handshake_log ("PKCS #1 padding error"); - ret = GNUTLS_E_PKCS1_WRONG_PAD;</code></p> - <p>Werner Koch points out that this error message may result in a - vulnerability similar to Bleichenbacher's Crypto 98 attack. It is not - exactly the same situation -- Bleichenbacher talks about PKCS#1 - encryption (block type 1, uses random padding) where this deals with - PKCS#1 verification (block type 2, uses 0xFF padding) -- but at a - glance, it appears to have similar consequences, but differ in the - number of messages required to mount the attack.</p> + ret = GNUTLS_E_PKCS1_WRONG_PAD;</code></p> + <p>Werner Koch points out that this error message may result + in a vulnerability similar to Bleichenbacher's Crypto 98 + attack. It is not exactly the same situation -- + Bleichenbacher talks about PKCS#1 encryption (block type 1, + uses random padding) where this deals with PKCS#1 + verification (block type 2, uses 0xFF padding) -- but at a + glance, it appears to have similar consequences, but differ + in the number of messages required to mount the attack.</p> </blockquote> </body> </description> @@ -107,6 +108,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2006-09-08</discovery> <entry>2006-09-09</entry> + <modified>2006-09-13</modified> </dates> </vuln> |