Mandriva has issued this advisory today (April 19):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:060

Cauldron is not vulnerable (we already have 1.0.0i).
Patched package uploaded.

Advisory:
========================

Updated openssl packages fix security vulnerability:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS (CVE-2012-2110).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://www.openssl.org/news/secadv_20120419.txt
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:060
========================

Updated packages in core/updates_testing:
========================
libopenssl1.0.0-1.0.0d-2.4.mga1
libopenssl-devel-1.0.0d-2.4.mga1
libopenssl-engines1.0.0-1.0.0d-2.4.mga1
libopenssl-static-devel-1.0.0d-2.4.mga1
openssl-1.0.0d-2.4.mga1

from openssl-1.0.0d-2.4.mga1.src.rpm
Assignee: bugsquad => qa-bugs
Testing complete on i586 for the srpm openssl-1.0.0d-2.4.mga1.src.rpm

Testing using apache with https://localhost/, kolab, and cyrus-imapd.
CC: (none) => davidwhodgins
Tested OK x86_64 with the procedures on the wiki and apache
https://wiki.mageia.org/en/Testing_procedure_for_openssl

Validating

See comment 1 for advisory and srpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
update pushed
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED