Re: pkg_admin audit shows vulns for openssl-1.0.2i

To: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>
Subject: Re: pkg_admin audit shows vulns for openssl-1.0.2i
From: "Sevan / Venture37" <venture37%gmail.com@localhost>
Date: Fri, 30 Sep 2016 01:12:52 +0100

On 29 September 2016 at 15:14, Matthias Ferdinand
<mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost> wrote:
> On Mon, Sep 26, 2016 at 05:35:10PM +0000, Benny Siegert wrote:
>> I fixed this the other day. I suspect the script which uploads the file to
>> FTP has not run yet.
>
> Hi, could you please check again?
>
>     Package openssl-1.0.2j has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
>     Package openssl-1.0.2j has a side-channel vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
>     Package openssl-1.0.2j has a denial-of-service vulnerability, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
>
> Or are these still open in 1.0.2j?

No, entries should be amended now.


Sevan

References:
- pkg_admin audit shows vulns for openssl-1.0.2i
  - From: Matthias Ferdinand
- Re: pkg_admin audit shows vulns for openssl-1.0.2i
  - From: Benny Siegert
- Re: pkg_admin audit shows vulns for openssl-1.0.2i
  - From: Matthias Ferdinand

Prev by Date: Re: samba4
Next by Date: Re: Thoughts on building lang/gcc packages without Java support
Previous by Thread: Re: pkg_admin audit shows vulns for openssl-1.0.2i
Next by Thread: Updated FreeBSD/amd64 10.3 repo
Indexes:

Home | Main Index | Thread Index | Old Index