* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201110-01.xml
@ 2011-10-09 15:33 Tobias Heinlein (keytoaster)
0 siblings, 0 replies; 4+ messages in thread
From: Tobias Heinlein (keytoaster) @ 2011-10-09 15:33 UTC (permalink / raw
To: gentoo-commits
keytoaster 11/10/09 15:33:50
Added: glsa-201110-01.xml
Log:
GLSA 201110-01.
Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-201110-01.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.1&content-type=text/plain
Index: glsa-201110-01.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/xsl/glsa.xsl"?>
<?xml-stylesheet type="text/xsl" href="/xsl/guide.xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201110-01">
<title>OpenSSL: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities were found in OpenSSL, allowing for the
execution of arbitrary code and other attacks.
</synopsis>
<product type="ebuild">openssl</product>
<announced>October 09, 2011</announced>
<revised>October 09, 2011: 1</revised>
<bug>303739</bug>
<bug>308011</bug>
<bug>322575</bug>
<bug>332027</bug>
<bug>345767</bug>
<bug>347623</bug>
<bug>354139</bug>
<bug>382069</bug>
<access>local, remote</access>
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.0.0e</unaffected>
<vulnerable range="lt">1.0.0e</vulnerable>
</package>
</affected>
<background>
<p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>A context-dependent attacker could cause a Denial of Service, possibly
execute arbitrary code, bypass intended key requirements, force the
downgrade to unintended ciphers, bypass the need for knowledge of shared
secrets and successfully authenticate, bypass CRL validation, or obtain
sensitive information in applications that use OpenSSL.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSSL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"
</code>
<p>NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 17, 2011. It is likely that your system is
already no longer affected by most of these issues.
</p>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245">CVE-2009-3245</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355">CVE-2009-4355</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433">CVE-2010-0433</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740">CVE-2010-0740</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742">CVE-2010-0742</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633">CVE-2010-1633</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939">CVE-2010-2939</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864">CVE-2010-3864</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180">CVE-2010-4180</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252">CVE-2010-4252</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014">CVE-2011-0014</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207">CVE-2011-3207</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210">CVE-2011-3210</uri>
</references>
<metadata timestamp="Fri, 07 Oct 2011 23:38:03 +0000" tag="requester">craig</metadata>
<metadata timestamp="Sun, 09 Oct 2011 15:21:16 +0000" tag="submitter">
keytoaster
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201110-01.xml
@ 2011-10-09 17:31 Alex Legler (a3li)
0 siblings, 0 replies; 4+ messages in thread
From: Alex Legler (a3li) @ 2011-10-09 17:31 UTC (permalink / raw
To: gentoo-commits
a3li 11/10/09 17:31:21
Modified: glsa-201110-01.xml
Log:
Fix affected versions, bug 386553
Revision Changes Path
1.2 xml/htdocs/security/en/glsa/glsa-201110-01.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?r1=1.1&r2=1.2
Index: glsa-201110-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-201110-01.xml 9 Oct 2011 15:33:50 -0000 1.1
+++ glsa-201110-01.xml 9 Oct 2011 17:31:21 -0000 1.2
@@ -9,7 +9,7 @@
</synopsis>
<product type="ebuild">openssl</product>
<announced>October 09, 2011</announced>
- <revised>October 09, 2011: 1</revised>
+ <revised>October 09, 2011: 3</revised>
<bug>303739</bug>
<bug>308011</bug>
<bug>322575</bug>
@@ -22,6 +22,7 @@
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.0.0e</unaffected>
+ <unaffected range="rge">0.9.8r</unaffected>
<vulnerable range="lt">1.0.0e</vulnerable>
</package>
</affected>
@@ -76,7 +77,7 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210">CVE-2011-3210</uri>
</references>
<metadata timestamp="Fri, 07 Oct 2011 23:38:03 +0000" tag="requester">craig</metadata>
- <metadata timestamp="Sun, 09 Oct 2011 15:21:16 +0000" tag="submitter">
+ <metadata timestamp="Sun, 09 Oct 2011 17:29:32 +0000" tag="submitter">
keytoaster
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201110-01.xml
@ 2012-01-23 19:52 Tim Sammut (underling)
0 siblings, 0 replies; 4+ messages in thread
From: Tim Sammut (underling) @ 2012-01-23 19:52 UTC (permalink / raw
To: gentoo-commits
underling 12/01/23 19:52:07
Modified: glsa-201110-01.xml
Log:
Updating GLSA 201110-01 with new OpenSSL 0.9.8s
Revision Changes Path
1.3 xml/htdocs/security/en/glsa/glsa-201110-01.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.3&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.3&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?r1=1.2&r2=1.3
Index: glsa-201110-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- glsa-201110-01.xml 9 Oct 2011 17:31:21 -0000 1.2
+++ glsa-201110-01.xml 23 Jan 2012 19:52:07 -0000 1.3
@@ -8,8 +8,8 @@
execution of arbitrary code and other attacks.
</synopsis>
<product type="ebuild">openssl</product>
- <announced>October 09, 2011</announced>
- <revised>October 09, 2011: 3</revised>
+ <announced>January 23, 2012</announced>
+ <revised>January 23, 2012: 4</revised>
<bug>303739</bug>
<bug>308011</bug>
<bug>322575</bug>
@@ -23,6 +23,7 @@
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.0.0e</unaffected>
<unaffected range="rge">0.9.8r</unaffected>
+ <unaffected range="rge">0.9.8s</unaffected>
<vulnerable range="lt">1.0.0e</vulnerable>
</package>
</affected>
@@ -77,7 +78,7 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210">CVE-2011-3210</uri>
</references>
<metadata timestamp="Fri, 07 Oct 2011 23:38:03 +0000" tag="requester">craig</metadata>
- <metadata timestamp="Sun, 09 Oct 2011 17:29:32 +0000" tag="submitter">
+ <metadata timestamp="Mon, 23 Jan 2012 19:50:23 +0000" tag="submitter">
keytoaster
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201110-01.xml
@ 2012-01-27 16:30 Tim Sammut (underling)
0 siblings, 0 replies; 4+ messages in thread
From: Tim Sammut (underling) @ 2012-01-27 16:30 UTC (permalink / raw
To: gentoo-commits
underling 12/01/27 16:30:38
Modified: glsa-201110-01.xml
Log:
Updating GLSA 201110-01 with new OpenSSL 0.9.8t
Revision Changes Path
1.4 xml/htdocs/security/en/glsa/glsa-201110-01.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml?r1=1.3&r2=1.4
Index: glsa-201110-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201110-01.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- glsa-201110-01.xml 23 Jan 2012 19:52:07 -0000 1.3
+++ glsa-201110-01.xml 27 Jan 2012 16:30:38 -0000 1.4
@@ -8,8 +8,8 @@
execution of arbitrary code and other attacks.
</synopsis>
<product type="ebuild">openssl</product>
- <announced>January 23, 2012</announced>
- <revised>January 23, 2012: 4</revised>
+ <announced>January 27, 2012</announced>
+ <revised>January 27, 2012: 5</revised>
<bug>303739</bug>
<bug>308011</bug>
<bug>322575</bug>
@@ -24,6 +24,7 @@
<unaffected range="ge">1.0.0e</unaffected>
<unaffected range="rge">0.9.8r</unaffected>
<unaffected range="rge">0.9.8s</unaffected>
+ <unaffected range="rge">0.9.8t</unaffected>
<vulnerable range="lt">1.0.0e</vulnerable>
</package>
</affected>
@@ -78,7 +79,7 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210">CVE-2011-3210</uri>
</references>
<metadata timestamp="Fri, 07 Oct 2011 23:38:03 +0000" tag="requester">craig</metadata>
- <metadata timestamp="Mon, 23 Jan 2012 19:50:23 +0000" tag="submitter">
+ <metadata timestamp="Fri, 27 Jan 2012 16:27:31 +0000" tag="submitter">
keytoaster
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-01-27 16:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-23 19:52 [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201110-01.xml Tim Sammut (underling)
-- strict thread matches above, loose matches on Subject: below --
2012-01-27 16:30 Tim Sammut (underling)
2011-10-09 17:31 Alex Legler (a3li)
2011-10-09 15:33 Tobias Heinlein (keytoaster)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox