[Pkg-openssl-devel] Bug#670317: openssl: ASN1 BIO incomplete fix (CVE-2012-2131)
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 24 20:27:19 UTC 2012
Source: openssl
Version: 0.9.8o-4squeeze11
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi
It was announced that the fix for CVE-2012-2110 was incomplete [1]. It
was assignet CVE-2012-2131 to this. Upstream CVS contains a fix for
this at [2].
[1]: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
[2]: http://cvs.openssl.org/chngview?cn=22479
Regards,
Salvatore
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPlwyhAAoJEHidbwV/2GP+ETQP/2snwLPjocPYH56uRXZx5Ec9
WVjcn236/O4+rw5J3nCWjRBNOETxlkMaH/zUjLcfMEM4h4g3ST0ZRKIoi9qSJSvG
CDS5/yGUYeIAr1D4QVLuF5lkfXICiDfB8Olykeq1eIGqDijmQNLI6KEnKdefW2Du
28KVE8fM014c3/+mJGD3ORb/aimfnp+htTEFCReKBxA3V1urrVrFmq/vjqSjtlHe
ySIN2Wmmg+okx/s10l5B4h2MAMV0ipmjCqFqskTim3N1C9DLRXnONbY56Fn0UbRj
IYBcuJ6Of686G5PFuIBLhrHRtgba1y0eVtMZNjlgcINcPsJNqShlUojY7kUTw/lL
J4LzHJBLTwa6Ki1jhgUGCKlPbdMmAh2yoFh/XzOMZSAMaYJmQkaxupjjjkmKBefs
jB6687mX+aLghoyAUbEnfFLZFFR2RED8Ddyt1c5xBKRNJoyC0QAaDK2flFSzuLao
vXfYX98Hs4FVu2I/wyCoJg5gBayS3nx6lPiKbqOvQGiwEAJHdLRYBkfd28YhZwqI
ZXj2QhKexQ+3A6oA0OzC9zjqLP/uQyUAEk0Z1o2tdvHvZXEyMZoMy6jA6QxgrrE4
MVy1x3ORMKE32qv+nqIxZF7B6vMssFQCyCT2RSGUBJu8vc4bknXZfLGXm5QLB5M8
kZ0vd+2F6Pw9W/ZKuo6m
=YBqH
-----END PGP SIGNATURE-----
More information about the Pkg-openssl-devel
mailing list