[Bug 1331452] Re: Please backport current CVEs for Precise LTS openssl098
Louis Bouchard
louis.bouchard at canonical.com
Thu Jun 19 08:08:13 UTC 2014
Seth, thanks for looking at this.
The mention of debian/patches/fix_renegotiation.patch in the changelog
is a cut and paste mistake from my part. I only backported the CVEs from
Lucid, not the other patches. If you think that the other patches are
required let me know and I'll see what I can do.
Regarding crypto/cms/cms_smime.c, it comes from iteration mistakes
between my environments. I fixed it and the new debdiff includes the
missing match.
The package builds fine on precise with the added patch.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1331452
Title:
Please backport current CVEs for Precise LTS openssl098
Status in “openssl” package in Ubuntu:
Invalid
Status in “openssl” source package in Precise:
In Progress
Bug description:
Please backport the CVS listed here to openssl098 :
http://people.canonical.com/~ubuntu-security/cve/pkg/openssl098.html
* CVE-2012-0884
* CVE-2012-2333
* CVE-2013-0166
* CVE-2013-0169
* CVE-2014-0195
* CVE-2014-0221
* CVE-2014-0224
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1331452/+subscriptions
More information about the foundations-bugs
mailing list