CVE-2019-1551/openssl triage

To: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: CVE-2019-1551/openssl triage
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 9 Dec 2019 09:44:54 +0100
Message-id: <[🔎] 45b87aa9-da09-06dc-c2c2-259ee214f7bd@beuc.net>

Hi Utkarsh,

You wrote for CVE-2019-1551:
+    [jessie] - openssl <not-affected> (Only affects OpenSSL > 1.1.0-pre1)

However the advisory says:
https://www.openssl.org/news/secadv/20191206.txt
"OpenSSL versions 1.1.1 and 1.0.2 are affected by this issue."

So the status for 1.0.1 (jessie, wheezy) isn't clear.

Can you add more elements to your triage?

Cheers!
Sylvain

Reply to:

Follow-Ups:
- Re: CVE-2019-1551/openssl triage
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>

Prev by Date: Re: RFS: openslp-dfsg
Next by Date: Re: CVE-2019-1551/openssl triage
Previous by thread: Re: RFS: openslp-dfsg
Next by thread: Re: CVE-2019-1551/openssl triage
Index(es):
- Date
- Thread