| |||||||||||||
|
| |||||||||||||
Cryptographic weakness on Debian systemsCryptographic weakness on Debian systemsPosted May 13, 2008 17:19 UTC (Tue) by welinder (guest, #4699)In reply to: Cryptographic weakness on Debian systems by pharm Parent article: Cryptographic weakness on Debian systems
Purify/Valgrind will complain if you read more than the initialized part. Still, whoever took out the entire initialization should not be trusted with security intensive code.
(Log in to post comments)
Cryptographic weakness on Debian systems Posted May 14, 2008 12:42 UTC (Wed) by dion (subscriber, #2764) [Link] That would be Kurt Roeckx: http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/r... http://alioth.debian.org/users/kroeckx/
Cryptographic weakness on Debian systems Posted May 14, 2008 13:01 UTC (Wed) by DeletedUser32991 ((unknown), #32991) [Link] Kurt did ask about it on the upstream list, too.
Cryptographic weakness on Debian systems Posted May 14, 2008 18:55 UTC (Wed) by dion (subscriber, #2764) [Link] Yes, that should ward off the tar+feathers. When even openssl developers can't tell that the change is catastrophic then he might be excused. This does illustrate why blindly fixing warnings is a dangerous and bad idea, though.
|
|
||||||||||||