aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authornovel <novel@FreeBSD.org>2006-09-13 23:17:35 +0800
committernovel <novel@FreeBSD.org>2006-09-13 23:17:35 +0800
commita7068f5b506dd26746da2e413180e5348e3c9502 (patch)
tree5af866a5e7769ba8ac1b41fb13c8a60c5e71adfa /security
parent98e0f5914c80a0467a0d067cb4c76a5407b1d794 (diff)
downloadfreebsd-ports-gnome-a7068f5b506dd26746da2e413180e5348e3c9502.tar.gz
freebsd-ports-gnome-a7068f5b506dd26746da2e413180e5348e3c9502.tar.zst
freebsd-ports-gnome-a7068f5b506dd26746da2e413180e5348e3c9502.zip
Style neats for the latest gnutls entry.
Reviewed by: remko
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml18
1 files changed, 10 insertions, 8 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index bfb694333258..8b4834a86777 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -89,14 +89,15 @@ Note: Please add new entries to the beginning of this file.
<p>Simon Josefsson reports:</p>
<blockquote cite="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001203.html">
<p><code>_gnutls_handshake_log ("PKCS #1 padding error");
- ret = GNUTLS_E_PKCS1_WRONG_PAD;</code></p>
- <p>Werner Koch points out that this error message may result in a
- vulnerability similar to Bleichenbacher's Crypto 98 attack. It is not
- exactly the same situation -- Bleichenbacher talks about PKCS#1
- encryption (block type 1, uses random padding) where this deals with
- PKCS#1 verification (block type 2, uses 0xFF padding) -- but at a
- glance, it appears to have similar consequences, but differ in the
- number of messages required to mount the attack.</p>
+ ret = GNUTLS_E_PKCS1_WRONG_PAD;</code></p>
+ <p>Werner Koch points out that this error message may result
+ in a vulnerability similar to Bleichenbacher's Crypto 98
+ attack. It is not exactly the same situation --
+ Bleichenbacher talks about PKCS#1 encryption (block type 1,
+ uses random padding) where this deals with PKCS#1
+ verification (block type 2, uses 0xFF padding) -- but at a
+ glance, it appears to have similar consequences, but differ
+ in the number of messages required to mount the attack.</p>
</blockquote>
</body>
</description>
@@ -107,6 +108,7 @@ Note: Please add new entries to the beginning of this file.
<dates>
<discovery>2006-09-08</discovery>
<entry>2006-09-09</entry>
+ <modified>2006-09-13</modified>
</dates>
</vuln>