From ${URL} : A posting to Full Disclosure mailing list (oss-sec) indicated that multiple flaws (null pointer dereference, off-by-one and others resulting in DoS/crash) were in the BN (multiprecision integer arithmetic) part of OpenSSL between 0.9.8k-1.0.1e and included proof-of-concept code. It is not yet certain whether these are legitimate flaws or not. Oss-sec posting: http://seclists.org/fulldisclosure/2013/Dec/8 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Red Hat does not consider this a security bug; cf. comments 2 and 3 of https://bugzilla.redhat.com/show_bug.cgi?id=1038999 . @Security: I tend to agree and propose closing it accordingly. Other opinions?
@maintainers: What is your opinion as to the classification of this as a security bug? I propose closing it as invalid, and will do so if there is no objection in 14 days.
With a month passed and no comments, I agree with K_F. Closing the bug. If there are any other opinions please advise.