-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To all, I already reported this. Here was my response from one of the developers: Regards, Mark
Am 03.05.2014 20:32, schrieb Mark Lee:
To All,
Will Arch patch their version of OpenSSL?
Hi,
my policy with openssl is to only follow upstream releases if possible. If we really need to apply patches they should already be committed into the upstream git repo.
Greetings,
Pierre
-- Pierre Schmitz, https://pierre-schmitz.com _______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
On 05/18/2014 11:32 AM, ushi wrote:
Hey all,
This affects OpenSSL 1.x through 1.0.1g - The function do_ssl3_write is broken, when used with SSL_MODE_RELEASE_BUFFERS.
According to the RedHat bug tracker, this is done at least by ruby and nodejs:
https://bugzilla.redhat.com/show_bug.cgi?id=1093837#c1
Nist:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198
Debian Security Tracker:
https://security-tracker.debian.org/tracker/CVE-2014-0198
Fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b107586
_______________________________________________
arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlN44AEACgkQZ/Z80n6+J/bglQD+NBqiobR1AARw+Ma01hFixlaO jHgH7itn24fGRojGqN4A/RclYBgqbP4KTWKGrQSTZFNGdR9oqG5fprguv3h1rPx2 =51pJ -----END PGP SIGNATURE-----