** Also affects: openssl (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: openssl (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu)
       Status: New => Invalid

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.

  Backported bugfix for CVE-2014-3571 causes regressions for DTLS in
  Ubuntu 14.04

Status in openssl package in Ubuntu:
Status in openssl source package in Precise:
Status in openssl source package in Trusty:

Bug description:
  In OpenSSL 1.0.1f on Ubuntu 14.04, there's a regression in using DTLS,
  caused by a backported bugfix for CVE-2014-3571.

  This particular bugfix (debian/patches/CVE-2014-3571-1.patch,
  corresponding to
  originally included upstream in OpenSSL 1.0.1k) caused a regression in
  using DTLS - see https://rt.openssl.org/Ticket/Display.html?id=3657.

  This regression was fixed in OpenSSL 1.0.1m via this commit:

  This left OpenSSL 1.0.1k and 1.0.1l with the regression, plus Ubuntu
  14.04 which backported the first fix but not the later one.

  In Debian, their patches for 1.0.1e contain both fixes:

  Please backport the second fix to the version of 1.0.1f that you
  maintain for 14.04 LTS.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to