Subject: Re: RSAREF2 buffer overflow?
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
From: David Brownlee <abs@netbsd.org>
List: tech-crypto
Date: 12/14/1999 21:29:17
On Tue, 14 Dec 1999, Bill Sommerfeld wrote:

> > I know this doesn't apply to those outside the US [1], but the
> > NetBSD-specific section in the recent CERT advisory regarding buffer
> > overflows in RSAREF2 says basically "we advise recompiling things to not
> > use RSAREF2."  What about those of us who (for legal or other reasons)
> > don't have the option?
> 
> This looks like the result of a left hand vs. right hand disconnect.
> Patches for this problem were checked into pkgsrc on december 2nd.
> 
> > should I send-pr this?
> 
> No, it's already fixed..  too bad it's too late to fix the advisory.

	Can someone either put something up on the website to this effect,
	give me the appropriate text, or point me at the person whom I
	should bug.


		David/absolute