Summary: | <dev-libs/libressl-3.1.2: Denial of service if server sends empty cert list | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | libressl |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.2-relnotes.txt | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-05-21 22:09:24 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=112dfed4131cb2e0256d5a37647467b88ec46208 commit 112dfed4131cb2e0256d5a37647467b88ec46208 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-07-27 20:30:27 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-07-27 20:30:27 +0000 dev-libs/libressl: drop vulnerable * TLS 1.3 was not introduced in older versions or was not default enabled yet Bug: https://bugs.gentoo.org/724512 Signed-off-by: Aaron Bauman <bman@gentoo.org> dev-libs/libressl/Manifest | 1 - dev-libs/libressl/libressl-3.1.1.ebuild | 63 --------------------------------- 2 files changed, 64 deletions(-) |