pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/39082: audit-packages (wrongly?) says openssl-0.9.8gnb2 still vulnerable

>Number:         39082
>Category:       pkg
>Synopsis:       audit-packages (wrongly?) says openssl-0.9.8gnb2 still 
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          support
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 02 12:50:00 +0000 2008
>Originator:     Rob Quinn
>Release:        Solaris, pkgsrc-current
audit-packages says:

Package openssl-0.9.8gnb2 has a denial-of-service vulnerability, see:

 But the CVS log for pkgsrc/security/openssl/Makefile says:

date: 2008/06/03 21:39:40;  author: tonnerre;  state: Exp;  lines: +2 -1
Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:
 - Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake
   which could lead to a silent crash.
 - Fix double free in TLS server name extensions which could lead to a remote

Patches from upstream.



Home | Main Index | Thread Index | Old Index