Bug 18661

Summary: openssl new security issues CVE-2016-2177 and CVE-2016-2178
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5TOO
Source RPM: openssl-1.0.2h-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-06-08 12:40:37 CEST 
A security issue fixed in openssl's git was posted to oss-security:
http://www.openwall.com/lists/oss-security/2016/06/08/2

It was fixed with these commits:
https://git.openssl.org/?p=openssl.git;a=commit;h=621eaf49a289bfac26d4cbcdb7396e796784c534
https://git.openssl.org/?p=openssl.git;a=commit;h=b7d0f2834e139a20560d64c73e2565e93715ce2b

I also noticed another CVE referenced with this earlier commit:
https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7

I suppose another upstream release should be on the way before too long.
David Walser 2016-06-08 12:41:04 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2016-06-08 15:03:46 CEST 
Assinging to all packagers collectively, since there is no maintainer for this package

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2016-06-08 20:39:15 CEST 
oss-security post with more explanation about the other CVE:
http://openwall.com/lists/oss-security/2016/06/08/9
Comment 3 David Walser 2016-09-23 21:54:06 CEST 
These issues are being handled in Bug 19446.

*** This bug has been marked as a duplicate of bug 19446 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE