subject:"\[openssl\-dev\] \[openssl.org #2622\] Buffer overflow using UI_add_input_string"

[openssl-dev] [openssl.org #2622] Buffer overflow using UI_add_input_string

2016-05-16 Thread Richard Levitte via RT

Fixed, both for upcoming 1.1.0 and for 1.0.2. On Mon May 16 13:42:16 2016, levitte wrote: > Fixing old ticket. > > https://github.com/openssl/openssl/pull/1077 > > On Fri Oct 14 18:14:51 2011, ramsd...@mitre.org wrote: > > TrouSerS is an open-source TCG Software Stack by IBM. It uses OpenSSL > >

[openssl-dev] [openssl.org #2622] Buffer overflow using UI_add_input_string

2016-05-16 Thread Richard Levitte via RT

Fixing old ticket. https://github.com/openssl/openssl/pull/1077 On Fri Oct 14 18:14:51 2011, ramsd...@mitre.org wrote: > TrouSerS is an open-source TCG Software Stack by IBM. It uses OpenSSL > to read passwords. The code in ssl_ui.c of the trousers library has a > buffer overflow. I suspect many