openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470

Related Vulnerabilities: CVE-2014-0224   CVE-2014-0221   CVE-2014-0195   CVE-2014-0198   CVE-2010-5298   CVE-2014-3470  

Debian Bug report logs - #750665
openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470


Reported by: Jeff Ballard <ballard@engr.wisc.edu>

Date: Thu, 5 Jun 2014 14:03:02 UTC

Severity: grave

Tags: security, upstream

Found in versions openssl/0.9.8o-4squeeze14, openssl/1.0.1e-2+deb7u7

Fixed in versions openssl/0.9.8o-4squeeze15, openssl/1.0.1e-2+deb7u10

Done: kurt@roeckx.be (Kurt Roeckx)

Bug is archived. No further changes may be made.

Forwarded to https://www.openssl.org/news/secadv_20140605.txt



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#750665; Package openssl. (Thu, 05 Jun 2014 14:03:06 GMT)


Acknowledgement sent to Jeff Ballard <ballard@engr.wisc.edu>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Thu, 05 Jun 2014 14:03:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Jeff Ballard <ballard@engr.wisc.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Date: Thu, 05 Jun 2014 08:54:18 -0500
Package: openssl
Version: 1.0.1e-2+deb7u7
Severity: grave
Tags: security upstream
Justification: user security hole

Please see

https://www.openssl.org/news/secadv_20140605.txt

for more information.

-Jeff



-- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.18-4
ii  libssl1.0.0  1.0.1e-2+deb7u7
ii  zlib1g       1:1.2.8.dfsg-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#750665; Package openssl. (Thu, 05 Jun 2014 14:15:12 GMT)


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Thu, 05 Jun 2014 14:15:12 GMT)


Message #10 received at 750665@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: Jeff Ballard <ballard@engr.wisc.edu>, 750665@bugs.debian.org
Subject: Re: Bug#750665: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
Date: Thu, 5 Jun 2014 16:10:50 +0200
Jeff Ballard <ballard@engr.wisc.edu> (2014-06-05):
> Package: openssl
> Version: 1.0.1e-2+deb7u7
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Please see
> 
> https://www.openssl.org/news/secadv_20140605.txt
> 
> for more information.

Somebody wants to subscribe to debian-security-announce:
  https://lists.debian.org/debian-security-announce/2014/msg00129.html

Mraw,
KiBi.

Marked as fixed in versions openssl/1.0.1e-2+deb7u10. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Thu, 05 Jun 2014 14:15:15 GMT)


Marked as found in versions openssl/0.9.8o-4squeeze14. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Thu, 05 Jun 2014 18:03:07 GMT)


Set Bug forwarded-to-address to 'https://www.openssl.org/news/secadv_20140605.txt'. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Thu, 05 Jun 2014 18:03:08 GMT)


Marked as fixed in versions openssl/0.9.8o-4squeeze15. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sat, 02 Aug 2014 14:33:05 GMT)


Marked Bug as done. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sat, 02 Aug 2014 14:33:06 GMT)


Notification sent to Jeff Ballard <ballard@engr.wisc.edu>:
Bug acknowledged by developer. (Sat, 02 Aug 2014 14:33:07 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Aug 2014 07:30:33 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:19:42 2019; Machine Name: buxtehude
