pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg_admin audit shows vulns for openssl-1.0.2i



Hi,

the command sequence

    pkg_admin fetch-pkg-vulnerabilities
    pkg_admin audit

still shows these vulnerabilities for the recently updated
openssl-1.0.2i:

    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
    Package openssl-1.0.2i has a side-channel vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
    Package openssl-1.0.2i has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303

Weren't these vulns supposed to be fixed in 1.0.2i? Perhaps the vuln db
needs updating?

Regards
Matthias


Home | Main Index | Thread Index | Old Index