Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4343

Source

Debian Bug report logs - #389940
Security: OpenSSL Security Advisory [28th September 2006]

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon).

Reported by: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>

Date: Thu, 28 Sep 2006 13:49:16 UTC

Severity: critical

Tags: fixed-upstream, security

Found in version all

Fixed in version 0.9.8c-2

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#389940; Package openssl. (full text, mbox, link).

Acknowledgement sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: openssl
Version: all
Severity: critical
Tags: security, fixed-upstream

Several critical security problems were found in OpenSSL, allowing remote DoS
and possibly arbitrary code execution.

See
http://www.openssl.org/news/secadv_20060928.txt


CVE-2006-2937, CVE-2006-2940, CVE-2006-3738

Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. (full text, mbox, link).

Notification sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
Bug acknowledged by developer. (full text, mbox, link).

Message #10 received at 389940-done@bugs.debian.org (full text, mbox, reply):

Version: 0.9.8c-2

On Thu, Sep 28, 2006 at 03:46:37PM +0200, debian-bts@spamblock.netzgehirn.de wrote:
> Package: openssl
> Version: all
> Severity: critical
> Tags: security, fixed-upstream
> 
> Several critical security problems were found in OpenSSL, allowing remote DoS
> and possibly arbitrary code execution.
> 
> See
> http://www.openssl.org/news/secadv_20060928.txt
> 
> 
> CVE-2006-2937, CVE-2006-2940, CVE-2006-3738

I've uploaded openssl 0.9.8c-2 and openssl097 0.9.7k-2 to unstable,
the security team has uploaded openssl 0.9.7e-3sarge3 to stable.

I have no idea if they are going to backport the changes to openssl096.

Note that they all also fix CVE-2006-4343.

Kurt

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 08:14:25 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:23:58 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Security: OpenSSL Security Advisory [28th September 2006]

Debian Bug report logs - #389940
Security: OpenSSL Security Advisory [28th September 2006]

Vulmon Search

About

Products

Connect

Security: OpenSSL Security Advisory [28th September 2006]

Debian Bug report logs - #389940 Security: OpenSSL Security Advisory [28th September 2006]

Vulmon Search

About

Products

Connect

Debian Bug report logs - #389940
Security: OpenSSL Security Advisory [28th September 2006]