949620 – (CVE-2024-12797) <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected

Bug 949620 (CVE-2024-12797) - <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected

Summary: <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthentica...

Status:	IN_PROGRESS

Alias:	CVE-2024-12797

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [stable]
Keywords:

Depends on:	949643 949644 949645
Blocks:
	Show dependency tree

Reported:	2025-02-11 15:09 UTC by Sam James
Modified:	2025-02-12 07:20 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2025-02-11 15:09:24 UTC

This only affects >=3.1 (not 3.0.x).

Comment 1 Sam James archtester

2025-02-11 15:32:05 UTC

I've started bumping these but may not finish until later.

Comment 2 Sam James archtester

2025-02-12 05:02:16 UTC

commit ca397f75d7bb3124b8cc8faff1c27790c2b55764
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Tue Feb 11 08:10:56 2025 -0800

    dev-libs/openssl: add 3.3.3

    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

commit 26b201c972381ff1325091061a4ad899c74a918d
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Tue Feb 11 08:45:58 2025 -0800

    dev-libs/openssl: add 3.2.4

    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

commit ed25cc8ff17852978ca5c15741cf9ee72d0ecbed
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Tue Feb 11 09:02:02 2025 -0800

    dev-libs/openssl: add 3.1.8

    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>