Bug 20817

Summary: libressl new security issues CVE-2016-0702 and CVE-2016-7056
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Oden Eriksson <oe>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, pkg-bugs, thierry.vignaud
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libressl-2.3.2-1.mga6.src.rpm CVE:
Status comment: might be fixed in 2.3.10, but should be dropped (or at least updated to 2.5.x if kept)

Description David Walser 2017-05-09 16:51:14 CEST 
openSUSE has issued an advisory on May 8:
https://lists.opensuse.org/opensuse-updates/2017-05/msg00026.html

The issues are fixed in 2.5.1.

We should probably remove this package if we're not going to use or maintain it.
Comment 1 Marja Van Waes 2017-05-09 21:56:11 CEST 
Assigning to the registered maintainer, but CC'ing all packagers collectively, in case the maintainer is unavailable.

CC: (none) => marja11, pkg-bugs
Assignee: bugsquad => oe

David Walser 2017-06-05 01:16:16 CEST

Status comment: (none) => might be fixed in 2.3.10, but should be dropped (or at least updated to 2.5.x if kept)
CC: (none) => thierry.vignaud

Comment 2 David Walser 2017-06-05 16:54:52 CEST 
Dropped for now.

Resolution: (none) => OLD
Status: NEW => RESOLVED