[arch-security] OpenSSL: CVE-2014-0198
ushi
ushi+arch at honkgong.info
Sun May 18 13:36:33 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 18.05.2014 18:29, schrieb Mark Lee:
> To all,
>
> I already reported this. Here was my response from one of the
> developers:
>
> Regards, Mark
>
>
>> Am 03.05.2014 20:32, schrieb Mark Lee:
>>> To All,
>>>
>>> Will Arch patch their version of OpenSSL?
>
>> Hi,
>
>> my policy with openssl is to only follow upstream releases if
>> possible. If we really need to apply patches they should already
>> be committed into the upstream git repo.
>
>> Greetings,
>
>> Pierre
>
>> -- Pierre Schmitz, https://pierre-schmitz.com
>> _______________________________________________ arch-security
>> mailing list arch-security at archlinux.org
>> https://mailman.archlinux.org/mailman/listinfo/arch-security
Well, the commit is there:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b107586
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJTeO+hAAoJEAAoDO4PlX3gs5oQAJ7PTlgwxPzoyTgXDK7n5B2O
ptnqTPxLG4rPfWdpTQuqZ66ovESu6ql1uZt2Nz3CLJZintuRUJwC1RONbgHpdOzE
2rjaMqq90k3PbpD1vf6kavWEHFxUZtqgywNovVPnv9jObtBo78n9Z4HFX1FqqAb8
T1XMQI5/gG1CS5uLI/AZIcysxmQJRANmn3L6wy8PxdA3BWuZErrsydZY7azWTExi
oAxoRjzeVe0Iw5PAiHIq/1/nY/AK47+TJi78tTPAJMSpSf3W/3ZJMQR+uLHu2CDP
Iwfzh7eApN/qnahoegDGC8a7wTZhakCevIpG3ulNXe+mAyEx4w1EtI/noai162gR
AK9ZKyjZb6L5v2CV+3dURUnAu85yvaTaFC/AwG0ZEbcsE9FL7+NW8zZfgPTDwgnM
hlrnp8/R/o1dDLb5zTgbEnKQY6AXAuX6Gz1EW5u5ftcGlLRD+8Apzb4rcoN0BFFp
+SMBfZ5yCAXMI4kHspyZdLJZHE07waM36tze0Wbhh+vYAngAQHclOYuYiUQhEycl
BvZqFGL5C6bO1lrNK619GF2n6Fwyin99TTO6AV44NIWiqsvRpwq2H19ETPXP+O2O
nnzcFO1M5ceNkV5VdjT1dpckGJsA5cHRKVcq8chHEQhqNAq9wkfk23Aw3NPVTe0q
zAOVZI4FizeRKTZBuBm7
=XzHf
-----END PGP SIGNATURE-----
More information about the arch-security
mailing list