[Bug 1331452] Re: Please backport current CVEs for Precise LTS openssl098
Seth Arnold
1331452 at bugs.launchpad.net
Thu Jun 19 06:18:13 UTC 2014
Thanks for taking on this update; I have a few questions:
The changelog references a patch that isn't included:
+ - debian/patches/fix_renegotiation.patch: add upstream commit to fix
+ renegotiation in ssl/s3_clnt.c, ssl/t1_lib.c.
Why was this patch dropped? It feels accidental, since it's still in the
changelog.
The modifications to the file crypto/cms/cms_smime.c appear to have been
dropped from debian/patches/CVE-2012-0884.patch. Was this intentional?
Thanks
** Changed in: openssl (Ubuntu Precise)
Status: Confirmed => Incomplete
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-0884
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1331452
Title:
Please backport current CVEs for Precise LTS openssl098
Status in “openssl” package in Ubuntu:
Invalid
Status in “openssl” source package in Precise:
Incomplete
Bug description:
Please backport the CVS listed here to openssl098 :
http://people.canonical.com/~ubuntu-security/cve/pkg/openssl098.html
* CVE-2012-0884
* CVE-2012-2333
* CVE-2013-0166
* CVE-2013-0169
* CVE-2014-0195
* CVE-2014-0221
* CVE-2014-0224
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1331452/+subscriptions
More information about the foundations-bugs
mailing list