Opened 8 years ago

Closed 8 years ago

#7490 closed enhancement (fixed)


Reported by: Armin K Owned by: ken@…
Priority: highest Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:


Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
Bleichenbacher oracle in SSLv2 (CVE-2016-0704)

Change History (2)

comment:1 by ken@…, 8 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

Because this turns off SSLv2, at least curl (specifically, which is used by something in libreoffice's configure, and Python3, need to be recompiled to stop referencing SSLv2 functions.

comment:2 by ken@…, 8 years ago

Resolution: fixed
Status: assignedclosed

Done at r17045

Note: See TracTickets for help on using tickets.