542038 – (CVE-2015-0288) dev-libs/openssl: Check public key is not NULL (CVE-2015-0288)

Bug 542038 (CVE-2015-0288) - dev-libs/openssl: Check public key is not NULL (CVE-2015-0288)

Summary: dev-libs/openssl: Check public key is not NULL (CVE-2015-0288)

Status:	RESOLVED DUPLICATE of bug 543552

Alias:	CVE-2015-0288

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/openssl/openssl/co...
Whiteboard:	A3 [stable?]
Keywords:

Depends on:
Blocks:

Reported:	2015-03-03 21:27 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2015-03-19 18:15 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-03-03 21:27:30 UTC

From ${URL}:
Check public key is not NULL.

CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
##

Very little details, scouting for more.

Comment 1 SpanKY gentoo-dev

2015-03-04 07:34:45 UTC

Commit message: Add fix from upstream for CVE-2015-0288
http://sources.gentoo.org/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch?rev=1.1
http://sources.gentoo.org/dev-libs/openssl/openssl-1.0.2-r2.ebuild?rev=1.1

Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-03-19 18:15:31 UTC

This issue was included in the handling for bug 543552

*** This bug has been marked as a duplicate of bug 543552 ***