Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 855491 (CVE-2022-2068)

Summary: dev-libs/openssl: Vulnerability in rehash script
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: base-system, hanno
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=842489
https://bugs.gentoo.org/show_bug.cgi?id=855494
Whiteboard:
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-01 07:54:37 UTC 
See https://www.openssl.org/news/secadv/20220621.txt.

Note that we don't use OpenSSL's rehash script, instead our "own" (app-misc/c_rehash), so we shouldn't be affected.

Hanno did make a good point in a previous bug (bug 842489) that we should migrate to 'openssl rehash' (as upstream recommend) though.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-01 07:54:49 UTC 
... so closing as INVALID given we're not affected (but filed for posterity).
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-01 07:56:56 UTC 
(In reply to Sam James from comment #0)
> Hanno did make a good point in a previous bug (bug 842489) that we should
> migrate to 'openssl rehash' (as upstream recommend) though.

Filed bug 855494 for that.