[Bug 1331452] Re: Please backport current CVEs for Precise LTS openssl098
Seth Arnold
1331452 at bugs.launchpad.net
Wed Jun 25 04:52:10 UTC 2014
It appears one of the patches added some new errors to the build logs:
...
./testssl: 128: [: SSLv3: unexpected operator
Testing AES256-SHA
Available compression methods:
1: zlib compression
TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA
1 handshakes of 256 bytes done
./testssl: 128: [: SSLv3: unexpected operator
...
Thankfully the fix was simple (change == to = in
debian/patches/CVE-2013-0169.patch for testssl), and once fixed didn't
itself indicate any new errors.
However now I'm at a loss how to test this package; my first shot, using
"LD_PRELOAD=/path/to/libssl.so.0.9.8 openssl" didn't actually work. How
did you test it and is there something I can do to at least smoke-test
it?
Thanks
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0169
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1331452
Title:
Please backport current CVEs for Precise LTS openssl098
Status in “openssl” package in Ubuntu:
Invalid
Status in “openssl” source package in Precise:
In Progress
Bug description:
Please backport the CVS listed here to openssl098 :
http://people.canonical.com/~ubuntu-security/cve/pkg/openssl098.html
* CVE-2012-0884
* CVE-2012-2333
* CVE-2013-0166
* CVE-2013-0169
* CVE-2014-0195
* CVE-2014-0221
* CVE-2014-0224
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1331452/+subscriptions
More information about the foundations-bugs
mailing list