Re: [SECURITY] [DSA 2950-1] openssl security update

To: Florian Zumbiehl <florz@florz.de>
Cc: jmm@debian.org, debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2950-1] openssl security update
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 05 Jun 2014 17:13:33 +0100
Message-id: <[🔎] fc06fcb2d5ff06d92fa7dc24e5c18b02@mail.adsl.funky-badger.org>
In-reply-to: <[🔎] 20140605144635.GA12436@florz.florz.dyndns.org>
References: <20140605115134.GA2278@pisco.westfalen.local> <[🔎] 20140605144635.GA12436@florz.florz.dyndns.org>

On 2014-06-05 15:46, Florian Zumbiehl wrote:

Hi,
Package        : openssl
CVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224CVE-2014-3470
is it intentional that you didn't fix CVE-2014-0198

That was fixed last month -https://www.debian.org/security/2014/dsa-2931

and CVE-2010-5298?

https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates thatthis is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it'snot in the Debian package. Is that not correct?


Regards,

Adam

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2950-1] openssl security update
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Re: [SECURITY] [DSA 2950-1] openssl security update
  - From: Florian Zumbiehl <florz@florz.de>

Prev by Date: Re: [SECURITY] [DSA 2950-1] openssl security update
Next by Date: Re: [SECURITY] [DSA 2950-1] openssl security update
Previous by thread: Re: [SECURITY] [DSA 2950-1] openssl security update
Next by thread: Re: [SECURITY] [DSA 2950-1] openssl security update
Index(es):
- Date
- Thread