Salvatore Bonaccorso
2012-Apr-24 20:27 UTC
[Secure-testing-team] Bug#670317: openssl: ASN1 BIO incomplete fix (CVE-2012-2131)
Source: openssl Version: 0.9.8o-4squeeze11 Severity: grave Tags: security Justification: user security hole -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi It was announced that the fix for CVE-2012-2110 was incomplete [1]. It was assignet CVE-2012-2131 to this. Upstream CVS contains a fix for this at [2]. [1]: http://marc.info/?l=openssl-dev&m=133525318514423&w=2 [2]: http://cvs.openssl.org/chngview?cn=22479 Regards, Salvatore - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, ''unstable'') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPlwyhAAoJEHidbwV/2GP+ETQP/2snwLPjocPYH56uRXZx5Ec9 WVjcn236/O4+rw5J3nCWjRBNOETxlkMaH/zUjLcfMEM4h4g3ST0ZRKIoi9qSJSvG CDS5/yGUYeIAr1D4QVLuF5lkfXICiDfB8Olykeq1eIGqDijmQNLI6KEnKdefW2Du 28KVE8fM014c3/+mJGD3ORb/aimfnp+htTEFCReKBxA3V1urrVrFmq/vjqSjtlHe ySIN2Wmmg+okx/s10l5B4h2MAMV0ipmjCqFqskTim3N1C9DLRXnONbY56Fn0UbRj IYBcuJ6Of686G5PFuIBLhrHRtgba1y0eVtMZNjlgcINcPsJNqShlUojY7kUTw/lL J4LzHJBLTwa6Ki1jhgUGCKlPbdMmAh2yoFh/XzOMZSAMaYJmQkaxupjjjkmKBefs jB6687mX+aLghoyAUbEnfFLZFFR2RED8Ddyt1c5xBKRNJoyC0QAaDK2flFSzuLao vXfYX98Hs4FVu2I/wyCoJg5gBayS3nx6lPiKbqOvQGiwEAJHdLRYBkfd28YhZwqI ZXj2QhKexQ+3A6oA0OzC9zjqLP/uQyUAEk0Z1o2tdvHvZXEyMZoMy6jA6QxgrrE4 MVy1x3ORMKE32qv+nqIxZF7B6vMssFQCyCT2RSGUBJu8vc4bknXZfLGXm5QLB5M8 kZ0vd+2F6Pw9W/ZKuo6m =YBqH -----END PGP SIGNATURE-----