Overview

File _patchinfo of Package patchinfo.70

<patchinfo incident="openssl">
  <packager>lijews</packager>
  <issue tracker="cve" id="CVE-2012-2686"></issue>
  <issue tracker="cve" id="CVE-2013-0166"></issue>
  <issue tracker="cve" id="CVE-2013-0169"></issue>
  <issue tracker="bnc" id="757773">ldap-client yast module requires certificates with "*.pem" name schema</issue>
  <issue tracker="bnc" id="802648">VUL-0: CVE-2013-0169: openssl 1.0.1d/1.0.0k/0.9.8y release (lucky thirteen 13)</issue>
  <issue tracker="bnc" id="802746">VUL-0: CVE-2013-0166: openssl: OCSP invalid key DoS issue</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>openssl: security and bugfix update to 1.0.0k</summary>
  <description>openssl was updated to 1.0.0k security release 
  to fix bugs and security issues. (bnc#802648 bnc#802746)
  
  The version was upgraded to avoid backporting the large fixes for
  SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
  TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
  OCSP invalid key DoS issue (CVE-2013-0166)

  Also the following bugfix was included:
  bnc#757773 - c_rehash to accept more filename extensions</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places