Mantis - libssl1_0_0
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
5162 major have not tried 2014-04-08 16:05 2014-06-06 14:09
Reporter: briandking Platform:  
Assigned To: yann OS:  
Priority: normal OS Version:  
Status: closed Product Version:  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version:  
Summary: 0005162: OpenSSL "HeartBleed" vulnerability - http://www.kb.cert.org/vuls/id/720951 [^]
Description: OpenSSL 1.0.1f has a serious security flaw and requires immediate updating to 1.0.1g.

References:
http://www.openssl.org/news/secadv_20140407.txt [^]
http://www.kb.cert.org/vuls/id/720951 [^]
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:
Issue History
Date Modified Username Field Change
2014-04-08 16:05 briandking New Issue
2014-04-08 16:11 maciej Note Added: 0010794
2014-04-08 18:58 yann Status new => assigned
2014-04-08 18:58 yann Assigned To => yann
2014-04-08 19:00 yann Note Added: 0010795
2014-04-08 19:38 yann Note Added: 0010796
2014-04-10 01:59 briandking Note Added: 0010797
2014-04-10 21:22 yann Note Added: 0010798
2014-04-10 21:22 yann Status assigned => resolved
2014-04-10 21:22 yann Resolution open => fixed
2014-06-06 14:09 yann Status resolved => closed

Notes
(0010794)
maciej   
2014-04-08 16:11   
First attempt failed: 1.0.1g does not build on Solaris.
(0010795)
yann   
2014-04-08 19:00   
Hi,

The last openssl packages are already available in my experimental repository.
You can grab them using the following line:
 pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/yann [^] -Uu

I am currently making sure they work fine and I will then push them to unstable.

Yann
(0010796)
yann   
2014-04-08 19:38   
The packages have just been uploaded in the unstable repository.
They should be soon mirrored on all the mirrors.
(0010797)
briandking   
2014-04-10 01:59   
Thanks for the quick response. We are testing the packages now and they seem fine.
(0010798)
yann   
2014-04-10 21:22   
The new version has been uploaded in all affected releases.

I am closing this bug.