Celui-ci (et le précédent open-ssl) va falloir s'en occuper!
Le 05/06/2014 14:15, Salvatore Bonaccorso a écrit :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2949-1
Hi,
Package: openssl
CVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
is it intentional that you didn't fix CVE-2014-0198 and CVE-2010-5298?
The OpenSSL advisory is quite misleading with this:
| where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
On 2014-06-05 15:46, Florian Zumbiehl wrote:
Hi,
Package: openssl
CVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224
CVE-2014-3470
is it intentional that you didn't fix CVE-2014-0198
That was fixed last month -
https://www.debian.org/security/2014/dsa-2931
and
On Thu, Jun 05, 2014 at 05:13:33PM +0100, Adam D. Barratt wrote:
On 2014-06-05 15:46, Florian Zumbiehl wrote:
Hi,
Package: openssl
CVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
is it intentional that you didn't fix CVE-2014-0198
That was fixed last
Hi,
That was fixed last month - https://www.debian.org/security/2014/dsa-2931
So that's fixed since 1.0.1e-2+deb7u9
and CVE-2010-5298?
https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates that
this is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it's
CVE-2014-3967: missing from list
CVE-2014-3968: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.
--
To
6 matches
Mail list logo