Comment 1 Anthony Basile 2016-07-06 10:51:10 UTC

(In reply to Hanno Boeck from comment #0)
> stunnel 5.34 is a security update. The upstream advisory is a bit scarce on
> details:
> https://www.stunnel.org/pipermail/stunnel-announce/2016-July/000123.html
> 
> It says:
> This release includes a major security bugfix.
> [...]
>   - Fixed malfunctioning "verify = 4".
> 
> 5.34 is already in the tree, are we ready to stabilize?

Hanno thanks!  Give me a bit since I also want to address bug #588054 for 5.34, so we'll probably be stabilizing 5.34-r1.  But #588054 is just a minor change to the init scripts and I want to test to make sure it works.

Comment 2 Anthony Basile 2016-07-06 14:52:36 UTC

(In reply to Anthony Basile from comment #1)
> (In reply to Hanno Boeck from comment #0)
> > stunnel 5.34 is a security update. The upstream advisory is a bit scarce on
> > details:
> > https://www.stunnel.org/pipermail/stunnel-announce/2016-July/000123.html
> > 
> > It says:
> > This release includes a major security bugfix.
> > [...]
> >   - Fixed malfunctioning "verify = 4".
> > 
> > 5.34 is already in the tree, are we ready to stabilize?
> 
> Hanno thanks!  Give me a bit since I also want to address bug #588054 for
> 5.34, so we'll probably be stabilizing 5.34-r1.  But #588054 is just a minor
> change to the init scripts and I want to test to make sure it works.

Okay, ready to stablize 5.34-r1

KEYWORDS="alpha amd64 arm hppa ppc ppc64 sparc x86"

Comment 3 Agostino Sarubbo 2016-07-06 15:30:44 UTC

amd64 stable

Comment 4 Agostino Sarubbo 2016-07-06 15:31:09 UTC

x86 stable

Comment 5 Agostino Sarubbo 2016-07-08 07:54:34 UTC

ppc stable

Comment 6 Agostino Sarubbo 2016-07-08 10:02:35 UTC

sparc stable

Comment 7 Agostino Sarubbo 2016-07-08 11:02:55 UTC

ppc64 stable

Comment 8 Jeroen Roovers (RETIRED) 2016-07-09 08:49:26 UTC

Stable for HPPA.

Comment 9 Tobias Klausmann (RETIRED) 2016-07-16 13:34:37 UTC

Stable on alpha.

Comment 10 Markus Meier 2016-07-18 17:16:25 UTC

arm stable, all arches done.

Comment 11 Aaron Bauman (RETIRED) 2016-07-19 02:16:04 UTC

@maintainer, please cleanup the vulnerable versions.  Also, any idea as to what exactly the potential vulnerability was?

Comment 12 Aaron Bauman (RETIRED) 2016-11-11 12:44:28 UTC

@maintainer, please clean the vulnerable versions from the tree.

GLSA Vote: No

Comment 13 Aaron Bauman (RETIRED) 2016-11-20 06:34:16 UTC

@maintainer, please clean the vulnerable versions.

Comment 14 Anthony Basile 2016-11-20 13:15:44 UTC

(In reply to Aaron Bauman from comment #13)
> @maintainer, please clean the vulnerable versions.

done.

Comment 15 Aaron Bauman (RETIRED) 2016-11-20 13:20:58 UTC

(In reply to Anthony Basile from comment #14)
> (In reply to Aaron Bauman from comment #13)
> > @maintainer, please clean the vulnerable versions.
> 
> done.

Thanks, Anthony!

GLSA Vote: No