Overview
Request 236457 superseded
- updated openssl to 1.0.1h (bnc#880891):
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
OpenSSL DTLS client the code can be made to recurse eventually crashing
in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to
an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
ECDH ciphersuites are subject to a denial of service attack.
- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
- CVE-2014-0198.patch: removed, upstream
- 0009-Fix-double-frees.patch: removed, upstream
- 0012-Fix-eckey_priv_encode.patch: removed, upstream
- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
- 0020-Initialize-num-properly.patch: removed, upstream
- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
- openssl-1.0.1c-ipv6-apps.patch: refreshed
- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
- Added new SUSE default cipher suite
openssl-1.0.1e-add-suse-default-cipher.patch
- Created by lnussel
- In state superseded
- Supersedes 236454
- Superseded by 236989
Request History
lnussel created request
- updated openssl to 1.0.1h (bnc#880891):
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
OpenSSL DTLS client the code can be made to recurse eventually crashing
in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to
an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
ECDH ciphersuites are subject to a denial of service attack.
- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
- CVE-2014-0198.patch: removed, upstream
- 0009-Fix-double-frees.patch: removed, upstream
- 0012-Fix-eckey_priv_encode.patch: removed, upstream
- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
- 0020-Initialize-num-properly.patch: removed, upstream
- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
- openssl-1.0.1c-ipv6-apps.patch: refreshed
- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
- Added new SUSE default cipher suite
openssl-1.0.1e-add-suse-default-cipher.patch
factory-auto accepted review
Check script succeeded
factory-auto added a reviewer
Please review sources
factory-auto added a reviewer
Please review build success
factory-auto added a reviewer
Pick Staging Project
licensedigger accepted review
{"approve": "version update 1.0.1g -> 1.0.1h covered by ldb"}
coolo accepted review
Picked openSUSE:Factory:Staging:G
coolo added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:G"
factory-repo-checker accepted review
Builds for repo openSUSE_Factory
mrdocs accepted review
checkin
mlin7442 accepted review
Reviewed by staging project "openSUSE:Factory:Staging:G" with result: "accepted"
mlin7442 approved review
Reviewed by staging project "openSUSE:Factory:Staging:G" with result: "accepted"
mlin7442 added a reviewer
Please recheck
mlin7442 added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:H"
mlin7442 accepted review
Picked openSUSE:Factory:Staging:H
mlin7442 added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:J"
mlin7442 accepted review
Moved to openSUSE:Factory:Staging:J
mlin7442 added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:H"
mlin7442 accepted review
Moved to openSUSE:Factory:Staging:H
mlin7442 declined review
perl-NET-SSLeay build failed during key verification test https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:H/perl-Net-SSLeay/standard/x86_64
mlin7442 declined request
perl-NET-SSLeay build failed during key verification test https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:H/perl-Net-SSLeay/standard/x86_64
superseded by 236989
