Attachment 643856 Details for Bug 719502 – Fix affected OpenSSL versions for GLSA 202004-10

Fix affected OpenSSL versions for GLSA 202004-10

glsa-202004-10-openssl_versions_fix.patch (text/plain), 1.32 KB, created by Hank Leininger on 2020-06-07 19:02:16 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Hank Leininger

Created: 2020-06-07 19:02:16 UTC

Size: 1.32 KB

patch

obsolete

>--- glsa-202004-10.xml.orig	2020-04-23 10:39:40.000000000 -0400
>+++ glsa-202004-10.xml	2020-06-07 14:57:17.792113920 -0400
>@@ -13,8 +13,10 @@
> <access>local, remote</access>
> <affected>
> <package name="dev-libs/openssl" auto="yes" arch="*">
>- <unaffected range="ge">1.1.1g</unaffected>
>- <vulnerable range="lt">1.1.1g</vulnerable>
>+ <unaffected range="ge" slot="0">1.0.2u</unaffected>
>+ <unaffected range="ge" slot="0/1.1">1.1.1g</unaffected>
>+ <vulnerable range="lt" slot="0">1.0.2u</vulnerable>
>+ <vulnerable range="lt" slot="0/1.1">1.1.1g</vulnerable>
> </package>
> </affected>
> <background>
>@@ -40,13 +42,20 @@
> There is no known workaround at this time.
> </workaround>
> <resolution>
>- All OpenSSL users should upgrade to the latest version:
>+ All OpenSSL 1.1.x users should upgrade to the latest version:
> 
> <code>
> # emerge --sync
> # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1g"
> </code>
> 
>+ All OpenSSL 1.0.x users should upgrade to the latest version:
>+ 
>+ <code>
>+ # emerge --sync
>+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2u"
>+ </code>
>+ 
> </resolution>
> <references>
> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1551">CVE-2019-1551</uri>

Actions: View

Attachments on bug 719502: 643856