Summary: | <dev-libs/openssl-1.1.1n: infinite loop when using invalid curve parameters in BN_mod_sqrt() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/openssl-1.1.1-notes.html | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 835348 | ||
Bug Blocks: | 882525 |
Description
John Helmert III
2022-03-15 16:53:32 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c159d820eb8b1f3e16165b718edd935c98e003b7 commit c159d820eb8b1f3e16165b718edd935c98e003b7 Author: Patrick McLean <chutzpah@gentoo.org> AuthorDate: 2022-03-15 17:31:25 +0000 Commit: Patrick McLean <chutzpah@gentoo.org> CommitDate: 2022-03-15 17:31:39 +0000 dev-libs/openssl: Version bumps to 1.1.1n and 3.0.2 Bug: https://bugs.gentoo.org/835343 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Patrick McLean <chutzpah@gentoo.org> dev-libs/openssl/Manifest | 2 + dev-libs/openssl/openssl-1.1.1n.ebuild | 294 +++++++++++++++++++++++++++++++++ dev-libs/openssl/openssl-3.0.2.ebuild | 293 ++++++++++++++++++++++++++++++++ 3 files changed, 589 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eadd928d278da7cd057c283269c91fbf6a5c60dc commit eadd928d278da7cd057c283269c91fbf6a5c60dc Author: Patrick McLean <chutzpah@gentoo.org> AuthorDate: 2022-03-15 17:34:35 +0000 Commit: Patrick McLean <chutzpah@gentoo.org> CommitDate: 2022-03-15 17:34:49 +0000 dev-libs/openssl: Stabilize 1.1.1n on amd64 (bug #835343) Bug: https://bugs.gentoo.org/835343 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Patrick McLean <chutzpah@gentoo.org> dev-libs/openssl/openssl-1.1.1n.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=143e8d174e14e346f2c37e8a31a4be211ac3e24c commit 143e8d174e14e346f2c37e8a31a4be211ac3e24c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:27:07 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:39:36 +0000 [ GLSA 202210-02 ] OpenSSL: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/741570 Bug: https://bugs.gentoo.org/809980 Bug: https://bugs.gentoo.org/832339 Bug: https://bugs.gentoo.org/835343 Bug: https://bugs.gentoo.org/842489 Bug: https://bugs.gentoo.org/856592 Bug: https://bugs.gentoo.org/876787 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-02.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530086715f82de12009538347725dbfd14e6b0a8 commit 530086715f82de12009538347725dbfd14e6b0a8 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-10-14 03:47:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:52:19 +0000 profiles: mask <openssl-1.1.1 Bug: https://bugs.gentoo.org/876787 Bug: https://bugs.gentoo.org/741570 Bug: https://bugs.gentoo.org/809980 Bug: https://bugs.gentoo.org/832339 Bug: https://bugs.gentoo.org/835343 Bug: https://bugs.gentoo.org/842489 Bug: https://bugs.gentoo.org/856592 Closes: https://github.com/gentoo/gentoo/pull/22909 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+) GLSA released, all done! |