Re: audit messages for openssl-1.0.2a?

To: mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost
Subject: Re: audit messages for openssl-1.0.2a?
From: Ryo ONODERA <ryo_on%yk.rim.or.jp@localhost>
Date: Sat, 21 Mar 2015 03:05:38 +0900 (JST)

Hi,

From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>, Date: Fri, 20 Mar 2015 16:55:27 +0100

> Hi,
> 
> after upgrading (from pkgsrc-current) to openssl-1.0.2a, I still get
> two audit messages:
> 
>     Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
>     Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
> 
> From what I understand in the openssl advisory at
> http://www.openssl.org/news/secadv_20150319.txt, these vulnerabilites
> should be fixed in 1.0.2a. Aren't they?

I have uploaded latest pkg-vulnerabilities.
Please download it again.

Thank you.

> Regards
> Matthias

--
Ryo ONODERA // ryo_on%yk.rim.or.jp@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

Follow-Ups:
- Re: audit messages for openssl-1.0.2a?
  - From: Matthias Ferdinand

References:
- audit messages for openssl-1.0.2a?
  - From: Matthias Ferdinand

Prev by Date: audit messages for openssl-1.0.2a?
Next by Date: Re: audit messages for openssl-1.0.2a?
Previous by Thread: audit messages for openssl-1.0.2a?
Next by Thread: Re: audit messages for openssl-1.0.2a?
Indexes:

Home | Main Index | Thread Index | Old Index