| Summary: | dev-libs/openssl <0.9.8j DSA/ECDSA Incorrect certificate signature verification (CVE-2008-5077) |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| CC: | ap, base-system, djc, eras |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | http://openssl.org/news/secadv_20090107.txt |
| Whiteboard: | A3 [glsa] |
| Package list: | |
| Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-12-17 18:55:48 UTC
Created attachment 175631 [details, diff]
openssl-0.9.8i-CVE-2008-5077.patch
Please prepare an ebuild applying this patch and attach it to the bug, we'll handle prestable testing here. Do not commit anything to CVS.
This is now public via http://openssl.org/news/secadv_20090107.txt. Please apply the patch in the tree.
Created attachment 177699 [details]
openssl-0.9.8j.ebuild
Created attachment 177700 [details, diff]
openssl-0.9.8j-parallel-build.patch
(Still broken for parallel building, please wait for an updated ebuild)

+*openssl-0.9.8j (08 Jan 2009) + + 08 Jan 2009; Peter Alfredsen <loki_val@gentoo.org> + +files/openssl-0.9.8j-parallel-build.patch, +openssl-0.9.8j.ebuild: + Bump, bug 254183 and CVE-2008-5077, bug 251346. Parallel build fails + horribly, forcing -j1. Since we don't install fips, sedded that part out + of the root makefile to get around a build failure. +

Arches, please test and mark stable:
=dev-libs/openssl-0.9.8j
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

ppc and ppc64 done

alpha/sparc/x86 stable, need to look at ia64 test failure...

amd64 stable

request filed

GLSA 200902-02

arm/m68k/s390/sh were done, and ia64 stable now :)
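Review bot: In the ChangeLog entry for openssl-0.9.8j, the file list adds files/openssl-0.9.8j-parallel-build.patch while the text says the parallel build still "fails horribly" and -j1 is forced. The entry should say what the patch is kept for, or note that -j1 is a temporary workaround to be lifted once the patch works. The fips removal is described only as "sedded that part out of the root makefile"; naming what was removed from the makefile would make the change auditable from the ChangeLog alone.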