[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/39082: audit-packages (wrongly?) says openssl-0.9.8gnb2 still vulnerable
>Synopsis: audit-packages (wrongly?) says openssl-0.9.8gnb2 still
>Arrival-Date: Wed Jul 02 12:50:00 +0000 2008
>Originator: Rob Quinn
>Release: Solaris, pkgsrc-current
Package openssl-0.9.8gnb2 has a denial-of-service vulnerability, see:
But the CVS log for pkgsrc/security/openssl/Makefile says:
date: 2008/06/03 21:39:40; author: tonnerre; state: Exp; lines: +2 -1
Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:
- Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake
which could lead to a silent crash.
- Fix double free in TLS server name extensions which could lead to a remote
Patches from upstream.
Main Index |
Thread Index |