Summary: | <dev-libs/openssl-1.0.2o-r6: Client DoS due to large DH parameter | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/vulnerabilities.html#2018-0732 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
dev-libs/openssl-1.0.2p
|
Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2018-08-15 01:54:18 UTC
We are carrying a patch for this since https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e18f23bb2a2da949d03482b4a5f3a77c37d97c09 @ Arches, please test and mark stable: =dev-libs/openssl-1.0.2p x86 stable amd64 stable ia64 stable ppc64 stable hppa stable sparc done. (In reply to Mikle Kolyada from comment #4) > amd64 stable Mikle, you missed to actually commit that change... (In reply to Laszlo Valko from comment #9) > (In reply to Mikle Kolyada from comment #4) > > amd64 stable > > Mikle, you missed to actually commit that change... He stabled revision noted in summary, instead of package list, apparently. Re-CCed amd64. amd64 stable arm64 stable alpha stable The rest was done and cleaned. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. This issue was resolved and addressed in GLSA 201811-03 at https://security.gentoo.org/glsa/201811-03 by GLSA coordinator Thomas Deutschmann (whissi). |