Summary: | <dev-libs/openssl-{1.1.1q, 3.0.5}: broken AES-OCB encryption on x86 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20220705.txt | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 858143 | ||
Bug Blocks: |
Description
John Helmert III
2022-07-05 16:16:28 UTC
commit db6f7217c034a620288ea0ef95227707c3fb55ea Author: Mike Gilbert <floppym@gentoo.org> Date: Tue Jul 5 18:13:46 2022 -0400 dev-libs/openssl: add 3.0.5 Signed-off-by: Mike Gilbert <floppym@gentoo.org> The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f171e1acbd185d7cd5c5a2689f50d02c7c64caf commit 1f171e1acbd185d7cd5c5a2689f50d02c7c64caf Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-05 23:33:03 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-05 23:33:03 +0000 dev-libs/openssl: add 1.1.1q Bug: https://bugs.gentoo.org/856592 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/openssl/Manifest | 2 + .../openssl/files/openssl-3.0.5-test-memcmp.patch | 2 + dev-libs/openssl/openssl-1.1.1q.ebuild | 337 +++++++++++++++++++++ 3 files changed, 341 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=458daf054634ccaa6e5df1a53339e0f57f2755a6 commit 458daf054634ccaa6e5df1a53339e0f57f2755a6 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-08-29 20:51:15 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-29 20:51:41 +0000 dev-libs/openssl: drop 1.1.1n, 1.1.1o, 1.1.1o-r1, 1.1.1p Bug: https://bugs.gentoo.org/856592 Bug: https://bugs.gentoo.org/842489 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/openssl/Manifest | 7 - .../files/openssl-1.1.1p-fix-test-build.patch | 52 ---- dev-libs/openssl/openssl-1.1.1n.ebuild | 298 ------------------ dev-libs/openssl/openssl-1.1.1o-r1.ebuild | 338 --------------------- dev-libs/openssl/openssl-1.1.1o.ebuild | 318 ------------------- dev-libs/openssl/openssl-1.1.1p.ebuild | 337 -------------------- 6 files changed, 1350 deletions(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=143e8d174e14e346f2c37e8a31a4be211ac3e24c commit 143e8d174e14e346f2c37e8a31a4be211ac3e24c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:27:07 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:39:36 +0000 [ GLSA 202210-02 ] OpenSSL: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/741570 Bug: https://bugs.gentoo.org/809980 Bug: https://bugs.gentoo.org/832339 Bug: https://bugs.gentoo.org/835343 Bug: https://bugs.gentoo.org/842489 Bug: https://bugs.gentoo.org/856592 Bug: https://bugs.gentoo.org/876787 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-02.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) GLSA released, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530086715f82de12009538347725dbfd14e6b0a8 commit 530086715f82de12009538347725dbfd14e6b0a8 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-10-14 03:47:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:52:19 +0000 profiles: mask <openssl-1.1.1 Bug: https://bugs.gentoo.org/876787 Bug: https://bugs.gentoo.org/741570 Bug: https://bugs.gentoo.org/809980 Bug: https://bugs.gentoo.org/832339 Bug: https://bugs.gentoo.org/835343 Bug: https://bugs.gentoo.org/842489 Bug: https://bugs.gentoo.org/856592 Closes: https://github.com/gentoo/gentoo/pull/22909 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+) |