Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <566E9D9B.40302@yandex.ru>
Date: Mon, 14 Dec 2015 13:44:43 +0300
From: Lucid Lynx <luc.lynx@...dex.ru>
To: oss-security@...ts.openwall.com
Subject: CVE Request: two issues in bee2 crypto library

Hello!
I found two issues in the 2015.10.29 version of bee2 crypto library that 
can be found at https://github.com/agievich/bee2. The library implements 
cryptographic algorithms standardized in Belarus and it is maintained by 
Belarussian State University.
The first iisue is possible leakage of sensitive data, the report can be 
found at https://github.com/agievich/bee2/issues/5

Another one is memory leak that can lead to DoS, the report can be found 
at https://github.com/agievich/bee2/issues/6
The both vulnerabilities were reported to maintainers and were fixed 
several days ago.
Please assign CVE IDs for these bugs if you think they are worth it in 
this case (right now the library is'n very popular though it can be used 
in some proprietary software).
--
LL

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.