Summary: | <dev-libs/openssl-1.1.1i: Denial of service in X509 parser (CVE-2020-1971) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Keywords: | CC-ARCHES, STABLEREQ |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20201208.txt | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | dev-libs/openssl-1.1.1i | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 759370 |
Description
Sam James
2020-12-08 17:07:30 UTC
Note that we needed an additional patch before stabilising: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2915b998b618e03e5c0fa120ae528be64209ea85.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=10129a5714e39b28141cb501eccaf86d16d47c4d

commit 10129a5714e39b28141cb501eccaf86d16d47c4d
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-12-08 23:24:22 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-12-08 23:24:22 +0000

dev-libs/openssl: sync (security bump to 1.1.1i)

Bug: https://bugs.gentoo.org/759079
Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>

dev-libs/openssl/Manifest | 2 +
dev-libs/openssl/openssl-1.1.1i.ebuild | 341 +++++++++++++++++++++++++++++++++
2 files changed, 343 insertions(+)

amd64 done

ppc64 done

arm64 done

hppa/sparc stable

x86 stable

arm done

ppc stable

s390 stable

Please cleanup.

New GLSA request filed.

This issue was resolved and addressed in GLSA 202012-13 at https://security.gentoo.org/glsa/202012-13 by GLSA coordinator Thomas Deutschmann (whissi).