Summary: | <dev-libs/openssl-{1.0.2m,1.1.0g}: Malformed X.509 IPAdressFamily could cause OOB read | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20170828.txt | ||
Whiteboard: | A3 [glsa cve blocked] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 636264 | ||
Bug Blocks: |
Description
Kristian Fiskerstrand (RETIRED)
2017-08-29 14:01:52 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddc7a2854b198ea1377a9b109a1d366e4c3099e0 commit ddc7a2854b198ea1377a9b109a1d366e4c3099e0 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2017-11-02 15:57:41 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2017-11-02 15:57:55 +0000 dev-libs/openssl: Bump for CVE-2017-{3735,3736} Bug: https://bugs.gentoo.org/629290 Bug: https://bugs.gentoo.org/636264 Package-Manager: Portage-2.3.13, Repoman-2.3.4 dev-libs/openssl/Manifest | 2 + dev-libs/openssl/openssl-1.0.2m.ebuild | 254 +++++++++++++++++++++++++++++++++ dev-libs/openssl/openssl-1.1.0g.ebuild | 240 +++++++++++++++++++++++++++++++ 3 files changed, 496 insertions(+)} Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201712-03 at https://security.gentoo.org/glsa/201712-03 by GLSA coordinator Thomas Deutschmann (whissi). |