Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 809980 (CVE-2021-3711, CVE-2021-3712) - <dev-libs/openssl-1.1.1l: multiple vulnerabilities
Summary: <dev-libs/openssl-1.1.1l: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-3711, CVE-2021-3712
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: A3 [glsa? cleanup]
Keywords:
Depends on: 810433
Blocks:
  Show dependency tree
 
Reported: 2021-08-24 14:49 UTC by John Helmert III
Modified: 2021-09-17 01:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-08-24 14:49:35 UTC
Details at $URL (bit of a wall of text), CVE-2021-3711 is a buffer overflow, CVE-2021-3712 is a DoS or plaintext disclosure.
Comment 1 John Helmert III gentoo-dev Security 2021-08-24 14:51:03 UTC
Fixes in 1.0.2za and 1.1.1l, please bump.
Comment 2 Sam James archtester gentoo-dev Security 2021-08-24 17:19:59 UTC
Maintainers, please remember to file security bugs when you see advisories in release notes.

Please file a stable bug when it’s ready to stabilise and have it block this bug.
Comment 3 John Helmert III gentoo-dev Security 2021-09-17 01:18:55 UTC
Please cleanup.