pkg_admin audit shows vulns for openssl-1.0.2i

To: pkgsrc-users%netbsd.org@localhost
Subject: pkg_admin audit shows vulns for openssl-1.0.2i
From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>
Date: Mon, 26 Sep 2016 17:46:11 +0200

Hi,

the command sequence

    pkg_admin fetch-pkg-vulnerabilities
    pkg_admin audit

still shows these vulnerabilities for the recently updated
openssl-1.0.2i:

    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
    Package openssl-1.0.2i has a side-channel vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303

Weren't these vulns supposed to be fixed in 1.0.2i? Perhaps the vuln db
needs updating?

Regards
Matthias

Follow-Ups:
- Re: pkg_admin audit shows vulns for openssl-1.0.2i
  - From: Benny Siegert

Prev by Date: Re: fix for comms/srtp
Next by Date: Re: pkg_admin audit shows vulns for openssl-1.0.2i
Previous by Thread: security/mit-krb5 breaks other kerberos-using packages
Next by Thread: Re: pkg_admin audit shows vulns for openssl-1.0.2i
Indexes:

Home | Main Index | Thread Index | Old Index