20817 – libressl new security issues CVE-2016-0702 and CVE-2016-7056

Bug 20817 - libressl new security issues CVE-2016-0702 and CVE-2016-7056

Summary: libressl new security issues CVE-2016-0702 and CVE-2016-7056

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Oden Eriksson
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-09 16:51 CEST by David Walser
Modified:	2017-06-05 16:54 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	libressl-2.3.2-1.mga6.src.rpm
CVE:
Status comment:	might be fixed in 2.3.10, but should be dropped (or at least updated to 2.5.x if kept)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-05-09 16:51:14 CEST

openSUSE has issued an advisory on May 8:
https://lists.opensuse.org/opensuse-updates/2017-05/msg00026.html

The issues are fixed in 2.5.1.

We should probably remove this package if we're not going to use or maintain it.

Comment 1 Marja Van Waes 2017-05-09 21:56:11 CEST

Assigning to the registered maintainer, but CC'ing all packagers collectively, in case the maintainer is unavailable.

CC: (none) => marja11, pkg-bugs
Assignee: bugsquad => oe

David Walser 2017-06-05 01:16:16 CEST

Status comment: (none) => might be fixed in 2.3.10, but should be dropped (or at least updated to 2.5.x if kept)
CC: (none) => thierry.vignaud

Comment 2 David Walser 2017-06-05 16:54:52 CEST

Dropped for now.

Resolution: (none) => OLD
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.