Details at $URL (bit of a wall of text), CVE-2021-3711 is a buffer overflow, CVE-2021-3712 is a DoS or plaintext disclosure.
Fixes in 1.0.2za and 1.1.1l, please bump.
Maintainers, please remember to file security bugs when you see advisories in release notes. Please file a stable bug when itβs ready to stabilise and have it block this bug.
Please cleanup.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=143e8d174e14e346f2c37e8a31a4be211ac3e24c commit 143e8d174e14e346f2c37e8a31a4be211ac3e24c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:27:07 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:39:36 +0000 [ GLSA 202210-02 ] OpenSSL: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/741570 Bug: https://bugs.gentoo.org/809980 Bug: https://bugs.gentoo.org/832339 Bug: https://bugs.gentoo.org/835343 Bug: https://bugs.gentoo.org/842489 Bug: https://bugs.gentoo.org/856592 Bug: https://bugs.gentoo.org/876787 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-02.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530086715f82de12009538347725dbfd14e6b0a8 commit 530086715f82de12009538347725dbfd14e6b0a8 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-10-14 03:47:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:52:19 +0000 profiles: mask <openssl-1.1.1 Bug: https://bugs.gentoo.org/876787 Bug: https://bugs.gentoo.org/741570 Bug: https://bugs.gentoo.org/809980 Bug: https://bugs.gentoo.org/832339 Bug: https://bugs.gentoo.org/835343 Bug: https://bugs.gentoo.org/842489 Bug: https://bugs.gentoo.org/856592 Closes: https://github.com/gentoo/gentoo/pull/22909 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)
GLSA released, all done!