[17.10] libssl-dev 1.0.2g is 1.0.0
Frank Rehberger
frehberg at gmail.com
Sun Mar 11 09:05:51 UTC 2018
Hi
distribution : artful (ubuntu 17.10)
package libssl-dev [1.0.2g]
the package libssl-dev claims to be 1.0.2g, but it seems to be older
header-version 1.0.0, as it lacks the constant
./crypto/x509/x509_vfy.h:# define X509_V_ERR_INVALID_CALL
65
It seems libssl binary package is also 1.0.0
ii libssl-dev:amd64 1.0.2g-1ubuntu13.3
amd64 Secure Sockets Layer toolkit -
development files
ii libssl-doc 1.0.2g-1ubuntu13.3
all Secure Sockets Layer toolkit -
development documentation
ii libssl1.0.0:amd64 1.0.2g-1ubuntu13.3
amd64 Secure Sockets Layer toolkit - shared
libraries
This could be a security issue, shipping a library 1.0.0 claiming to be
1.0.2g
More information about the ubuntu-devel
mailing list