[Pkg-openssl-devel] Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2
Kurt Roeckx
kurt at roeckx.be
Sat Dec 21 08:35:38 UTC 2013
On Sat, Dec 21, 2013 at 08:16:42AM +0100, Salvatore Bonaccorso wrote:
> Package: openssl
> Version: 1.0.1e-2
> Severity: grave
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerability was published for openssl.
>
> CVE-2013-6449[0]:
> crash when using TLS 1.2
>
> It was reported in Apache Traffic Server[1] and upstream at [2], see
> also [3]. I was not able to reproduce any crash myself, just checking
> against the openssl source package to verify upstrem patches apply.
> See [4] and [5] for the patches applied.
I was expecting this, and planning an upload for it already. I'll
prepare an upload later today.
I have a bunch of other patches that I'd like to see reach stable,
but I'm not sure how many of those you like in a DSA.
Kurt
More information about the Pkg-openssl-devel
mailing list