855491 – (CVE-2022-2068) dev-libs/openssl: Vulnerability in rehash script

Bug 855491 (CVE-2022-2068) - dev-libs/openssl: Vulnerability in rehash script

Summary: dev-libs/openssl: Vulnerability in rehash script

Status:	RESOLVED INVALID

Alias:	CVE-2022-2068

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-07-01 07:54 UTC by Sam James
Modified:	2022-07-01 07:56 UTC (History)
CC List:	2 users (show)

See Also:	842489 855494
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2022-07-01 07:54:37 UTC

See https://www.openssl.org/news/secadv/20220621.txt.

Note that we don't use OpenSSL's rehash script, instead our "own" (app-misc/c_rehash), so we shouldn't be affected.

Hanno did make a good point in a previous bug (bug 842489) that we should migrate to 'openssl rehash' (as upstream recommend) though.

Comment 1 Sam James archtester

2022-07-01 07:54:49 UTC

... so closing as INVALID given we're not affected (but filed for posterity).

Comment 2 Sam James archtester

2022-07-01 07:56:56 UTC

(In reply to Sam James from comment #0)
> Hanno did make a good point in a previous bug (bug 842489) that we should
> migrate to 'openssl rehash' (as upstream recommend) though.

Filed bug 855494 for that.