19161 – stunnel new security issue fixed upstream in 5.34

Bug 19161 - stunnel new security issue fixed upstream in 5.34

Summary: stunnel new security issue fixed upstream in 5.34

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Guillaume Rousse
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/696702/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-08-08 22:17 CEST by David Walser
Modified:	2016-11-11 12:27 CET (History)
CC List:	0 users

See Also:
Source RPM:	stunnel-5.31-2.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-08-08 22:17:51 CEST

Slackware has issued an advisory on August 6:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.535426

You can see the issue was fixed in the upstream changelog in 5.34:
https://www.stunnel.org/sdf_ChangeLog.html

Mageia 5 may also be affected.

Comment 1 Guillaume Rousse 2016-11-11 12:27:46 CET

Cauldron now has latest upstream version. Mageia 5 has still version 5.03, whereas the fix appears in 5.34 only, I don't think backporting the correction is worth the trouble.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.