DTLS DoS issue Reproducible: Always
This issue is a caused by a regression of the CVE-2011-4108 fix. base-system, are the two versions in $summary good to go stable?
yes, they should be good to stabilize
Arches, please test and mark stable: =dev-libs/openssl-1.0.0g Target KEYWORDS : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" =dev-libs/openssl-0.9.8t Target KEYWORDS : "amd64 x86"
amd64 stable
x86 stable. Thanks
Stable for HPPA.
alpha/arm/ia64/m68k/s390/sh/sparc stable
ppc done
CVE-2012-0050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050): OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
ppc64 done
Thanks, everyone. Already part of draft GLSA.
This issue was resolved and addressed in GLSA 201203-12 at http://security.gentoo.org/glsa/glsa-201203-12.xml by GLSA coordinator Sean Amoss (ackle).