subject:"Bug#575433\: openssl\: OpenSSL does not check for a NULL return value from bn_wexpand function calls"

Bug#575433: [Pkg-openssl-devel] Bug#575433: openssl: OpenSSL does not check for a NULL return value from bn_wexpand function calls

2010-04-06 Thread Kurt Roeckx

On Thu, Mar 25, 2010 at 02:45:41PM -0400, A. Maitland Bottoms wrote: Package: openssl Version: 0.9.8g-15+lenny6 Tags: lenny,security,patch This bug report is based upon CVE-2009-3245 OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1)

Bug#575433: openssl: OpenSSL does not check for a NULL return value from bn_wexpand function calls

2010-03-25 Thread A. Maitland Bottoms

Package: openssl Version: 0.9.8g-15+lenny6 Tags: lenny,security,patch This bug report is based upon CVE-2009-3245 OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4)