Re: audit messages for openssl-1.0.2a?

To: Ryo ONODERA <ryo_on%yk.rim.or.jp@localhost>
Subject: Re: audit messages for openssl-1.0.2a?
From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>
Date: Fri, 20 Mar 2015 22:35:24 +0100

On Sat, Mar 21, 2015 at 03:05:38AM +0900, Ryo ONODERA wrote:
> Hi,
> 
> From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>, Date: Fri, 20 Mar 2015 16:55:27 +0100
> 
> > Hi,
> > 
> > after upgrading (from pkgsrc-current) to openssl-1.0.2a, I still get
> > two audit messages:
> > 
> >     Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
> >     Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
> > 
> > From what I understand in the openssl advisory at
> > http://www.openssl.org/news/secadv_20150319.txt, these vulnerabilites
> > should be fixed in 1.0.2a. Aren't they?
> 
> I have uploaded latest pkg-vulnerabilities.
> Please download it again.

Thank you, looks good now.

Regards
Matthias

References:
- audit messages for openssl-1.0.2a?
  - From: Matthias Ferdinand
- Re: audit messages for openssl-1.0.2a?
  - From: Ryo ONODERA

Prev by Date: Re: audit messages for openssl-1.0.2a?
Next by Date: Re: LibreSSL vs. OpenSSL
Previous by Thread: Re: audit messages for openssl-1.0.2a?
Indexes:

Home | Main Index | Thread Index | Old Index