Summary: | <dev-libs/openssl-{1.0.2m,1.1.0g}: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alwag, base-system |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20170828.txt | ||
Whiteboard: | A3 [glsa cve cleanup] | ||
Package list: |
=dev-libs/openssl-1.0.2m
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 629290 |
Description
GLSAMaker/CVETool Bot
2017-11-02 15:49:23 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddc7a2854b198ea1377a9b109a1d366e4c3099e0 commit ddc7a2854b198ea1377a9b109a1d366e4c3099e0 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2017-11-02 15:57:41 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2017-11-02 15:57:55 +0000 dev-libs/openssl: Bump for CVE-2017-{3735,3736} Bug: https://bugs.gentoo.org/629290 Bug: https://bugs.gentoo.org/636264 Package-Manager: Portage-2.3.13, Repoman-2.3.4 dev-libs/openssl/Manifest | 2 + dev-libs/openssl/openssl-1.0.2m.ebuild | 254 +++++++++++++++++++++++++++++++++ dev-libs/openssl/openssl-1.1.0g.ebuild | 240 +++++++++++++++++++++++++++++++ 3 files changed, 496 insertions(+)} @ Arches, please test and mark stable: =dev-libs/openssl-1.0.2m x86 stable Stable on amd64 ia64 stable Stable on alpha. hppa stable (by Jeroen Roovers) ppc/ppc64 stable arm stable arm64 is unstable arch. GLSA request filed. sparc stable (thanks to Rolf Eike Beer) This issue was resolved and addressed in GLSA 201712-03 at https://security.gentoo.org/glsa/201712-03 by GLSA coordinator Thomas Deutschmann (whissi). *** Bug 635584 has been marked as a duplicate of this bug. *** |