Summary: | dev-libs/openssl: excessive processing of X9.42 DH keys | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | minor | CC: | ajak, base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20231106.txt | ||
Whiteboard: | B3 [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() Let's roll this into bug 921684, which has the same fixed versions. Upstream didn't make a release for this advisory, instead deferring releasing fixes until the next-released version according to the advisory: "Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available. The fix is also available in commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 (for 3.1) and commit db925ae2e65d0d925adef429afc37f75bd1c2017 (for 3.0)." ~/git/openssl $ git tag --contains db925ae2e65d0d925adef429afc37f75bd1c2017 openssl-3.0.13 ~/git/openssl $ git tag --contains ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 openssl-3.1.5 *** This bug has been marked as a duplicate of bug 921684 *** |