Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 809980 - <dev-libs/openssl-1.1.1l: multiple vulnerabilities
Summary: <dev-libs/openssl-1.1.1l: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 810433
Blocks: CVE-2021-3711, CVE-2021-3712
  Show dependency tree
 
Reported: 2021-08-24 14:49 UTC by John Helmert III
Modified: 2022-10-16 14:56 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-24 14:49:35 UTC
Details at $URL (bit of a wall of text), CVE-2021-3711 is a buffer overflow, CVE-2021-3712 is a DoS or plaintext disclosure.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-24 14:51:03 UTC
Fixes in 1.0.2za and 1.1.1l, please bump.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-24 17:19:59 UTC
Maintainers, please remember to file security bugs when you see advisories in release notes.

Please file a stable bug when it’s ready to stabilise and have it block this bug.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-17 01:18:55 UTC
Please cleanup.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 03:39:36 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-10-16 14:39:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=143e8d174e14e346f2c37e8a31a4be211ac3e24c

commit 143e8d174e14e346f2c37e8a31a4be211ac3e24c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:27:07 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:39:36 +0000

    [ GLSA 202210-02 ] OpenSSL: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/741570
    Bug: https://bugs.gentoo.org/809980
    Bug: https://bugs.gentoo.org/832339
    Bug: https://bugs.gentoo.org/835343
    Bug: https://bugs.gentoo.org/842489
    Bug: https://bugs.gentoo.org/856592
    Bug: https://bugs.gentoo.org/876787
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-02.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2022-10-16 14:52:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530086715f82de12009538347725dbfd14e6b0a8

commit 530086715f82de12009538347725dbfd14e6b0a8
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-14 03:47:09 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:52:19 +0000

    profiles: mask <openssl-1.1.1
    
    Bug: https://bugs.gentoo.org/876787
    Bug: https://bugs.gentoo.org/741570
    Bug: https://bugs.gentoo.org/809980
    Bug: https://bugs.gentoo.org/832339
    Bug: https://bugs.gentoo.org/835343
    Bug: https://bugs.gentoo.org/842489
    Bug: https://bugs.gentoo.org/856592
    Closes: https://github.com/gentoo/gentoo/pull/22909
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-16 14:56:38 UTC
GLSA released, all done!