[util-issues] [Issue 83899] openssl (security-)buggy

Fri, 23 Nov 2007 03:00:53 -0800 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=83899
                 Issue #|83899
                 Summary|openssl (security-)buggy
               Component|utilities
                 Version|680m237
                Platform|All
                     URL|
              OS/Version|All
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P1
            Subcomponent|code
             Assigned to|tkr
             Reported by|rene





------- Additional comments from [EMAIL PROTECTED] Fri Nov 23 11:00:50 +0000 
2007 -------
Hi,

AFAIS, the openssl used in cws openssl is 0.9.8e. Which is buggy. Just by
skimming over the Debian OpenSSL changelog I see the following:

openssl (0.9.8e-6) unstable; urgency=high

  * Add fix for CVE-2007-3108 (Closes: #438142)

 -- Kurt Roeckx <[EMAIL PROTECTED]>  Wed, 15 Aug 2007 19:49:54 +0200

and

openssl (0.9.8e-8) unstable; urgency=low

  * Fix another case of the "if this code is reached, the program will abort"
    (Closes: #429740)
  * Temporary force to build with gcc >= 4.2

 -- Kurt Roeckx <[EMAIL PROTECTED]>  Sun, 02 Sep 2007 18:12:11 +0200

and

openssl (0.9.8e-9) unstable; urgency=high

  * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
    (Closes: #444435)
  * Add postgresql-8.2 to the list of services to check.

 -- Kurt Roeckx <[EMAIL PROTECTED]>  Fri, 28 Sep 2007 19:47:33 +0200

and

openssl (0.9.8f-1) unstable; urgency=low

  * New upstream release
    - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737)
    - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686)
    - New function SSL_set_SSL_CTX: bump shlibs.
  * Remove build dependency on gcc > 4.2
  * Remove the openssl preinst, it looks like a workaround
    for a change in 0.9.2b where config files got moved.  (Closes: #445095)
  * Update debconf translations:
    - Vietnamese (Closes: #426988)
    - Danish (Closes: #426774)
    - Slovak (Closes: #440723)
    - Finnish (Closes: #444258)

 -- Kurt Roeckx <[EMAIL PROTECTED]>  Sat, 13 Oct 2007 00:47:22 +0200

Regards,

Rene

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to