Summary: | <net-misc/stunnel-5.34-r1: broken certificate verification | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.stunnel.org/pipermail/stunnel-announce/2016-July/000123.html | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2016-07-06 10:45:48 UTC
(In reply to Hanno Boeck from comment #0)
> stunnel 5.34 is a security update. The upstream advisory is a bit scarce on
> details:
> https://www.stunnel.org/pipermail/stunnel-announce/2016-July/000123.html
>
> It says:
> This release includes a major security bugfix.
> [...]
> - Fixed malfunctioning "verify = 4".
>
> 5.34 is already in the tree, are we ready to stabilize?

Hanno thanks! Give me a bit since I also want to address bug #588054 for 5.34, so we'll probably be stabilizing 5.34-r1. But #588054 is just a minor change to the init scripts and I want to test to make sure it works.

(In reply to Anthony Basile from comment #1)
> (In reply to Hanno Boeck from comment #0)
> > stunnel 5.34 is a security update. The upstream advisory is a bit scarce on
> > details:
> > https://www.stunnel.org/pipermail/stunnel-announce/2016-July/000123.html
> >
> > It says:
> > This release includes a major security bugfix.
> > [...]
> > - Fixed malfunctioning "verify = 4".
> >
> > 5.34 is already in the tree, are we ready to stabilize?
>
> Hanno thanks! Give me a bit since I also want to address bug #588054 for
> 5.34, so we'll probably be stabilizing 5.34-r1. But #588054 is just a minor
> change to the init scripts and I want to test to make sure it works.

Okay, ready to stabilize 5.34-r1
KEYWORDS="alpha amd64 arm hppa ppc ppc64 sparc x86"

amd64 stable

x86 stable

ppc stable

sparc stable

ppc64 stable

Stable for HPPA.

Stable on alpha.

arm stable, all arches done. @maintainer, please clean up the vulnerable versions. Also, any idea as to what exactly the potential vulnerability was?

@maintainer, please clean the vulnerable versions from the tree.

GLSA Vote: No

@maintainer, please clean the vulnerable versions.

(In reply to Aaron Bauman from comment #13)
> @maintainer, please clean the vulnerable versions.

done.

(In reply to Anthony Basile from comment #14)
> (In reply to Aaron Bauman from comment #13)
> > @maintainer, please clean the vulnerable versions.
>
> done.

Thanks, Anthony!