pkgsrc-Bugs archive


pkg/39082: audit-packages (wrongly?) says openssl-0.9.8gnb2 still vulnerable



>Number:         39082
>Category:       pkg
>Synopsis:       audit-packages (wrongly?) says openssl-0.9.8gnb2 still vulnerable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          support
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 02 12:50:00 +0000 2008
>Originator:     Rob Quinn
>Release:        Solaris, pkgsrc-current
>Organization:
>Environment:
>Description:
audit-packages says:

Package openssl-0.9.8gnb2 has a denial-of-service vulnerability, see: http://www.openssl.org/news/secadv_20080528.txt



 But the CVS log for pkgsrc/security/openssl/Makefile says:


date: 2008/06/03 21:39:40;  author: tonnerre;  state: Exp;  lines: +2 -1
Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:
 - Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake
   which could lead to a silent crash.
 - Fix double free in TLS server name extensions which could lead to a remote
   crash.

Patches from upstream.
----------------------------

>How-To-Repeat:

>Fix:


