Re: [SECURITY] [DSA 2950-1] openssl security update

To: Kurt Roeckx <kurt@roeckx.be>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, jmm@debian.org, debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2950-1] openssl security update
From: Florian Zumbiehl <florz@florz.de>
Date: Thu, 5 Jun 2014 22:54:07 +0200
Message-id: <[🔎] 20140605205407.GH4725@florz.florz.dyndns.org>
In-reply-to: <[🔎] 20140605172941.GA29714@roeckx.be>
References: <20140605115134.GA2278@pisco.westfalen.local> <[🔎] 20140605144635.GA12436@florz.florz.dyndns.org> <[🔎] fc06fcb2d5ff06d92fa7dc24e5c18b02@mail.adsl.funky-badger.org> <[🔎] 20140605172941.GA29714@roeckx.be>

Hi,

> > That was fixed last month - https://www.debian.org/security/2014/dsa-2931
> 
> So that's fixed since 1.0.1e-2+deb7u9
> 
> > >and CVE-2010-5298?
> > 
> > https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates that
> > this is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it's not
> > in the Debian package. Is that not correct?
> 
> This was fixed in DSA-2908-1 (1.0.1e-2+deb7u7)

Thanks for the info both of you! I just hadn't considered the possibility
that Debian could have fixed some security issues weeks before OpenSSL's
own advisory. And thanks for fixing them so fast to whoever is responsible!
:-)

Regards, Florian

Reply to:

References:
- Re: [SECURITY] [DSA 2950-1] openssl security update
  - From: Florian Zumbiehl <florz@florz.de>
- Re: [SECURITY] [DSA 2950-1] openssl security update
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: [SECURITY] [DSA 2950-1] openssl security update
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Re: [SECURITY] [DSA 2950-1] openssl security update
Next by Date: Re: [SECURITY] [DSA 2939-1] chromium-browser security update
Previous by thread: Re: [SECURITY] [DSA 2950-1] openssl security update
Next by thread: Re: goals for hardening Debian: ideas and help wanted
Index(es):
- Date
- Thread