Summary: | <dev-libs/openssl-3.0.1: Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20211214.txt | ||
Whiteboard: | ~3 [cleanup] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2021-12-14 20:42:03 UTC
Only affects masked/~arch so 'trivial' by our classification. Please bump to 3.0.1. ... and bumped just after this, bad timing: https://github.com/gentoo/gentoo/commit/e1451181429e11e44ff4a97fd5b38ccc65790c66 Tentatively using < in summary although it's not very descriptive. OpenSSL 1.1 is fine. 3.0.2 is the oldest openssl-3.x in tree, so tree is clean |