Debian Bug report logs - #389940
Security: OpenSSL Security Advisory [28th September 2006]

version graph

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>

Date: Thu, 28 Sep 2006 13:49:16 UTC

Severity: critical

Tags: fixed-upstream, security

Found in version all

Fixed in version 0.9.8c-2

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#389940; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>
To: submit@bugs.debian.org
Subject: Security: OpenSSL Security Advisory [28th September 2006]
Date: Thu, 28 Sep 2006 15:46:37 +0200 (CEST)
Package: openssl
Version: all
Severity: critical
Tags: security, fixed-upstream

Several critical security problems were found in OpenSSL, allowing remote DoS
and possibly arbitrary code execution.

See
http://www.openssl.org/news/secadv_20060928.txt


CVE-2006-2937, CVE-2006-2940, CVE-2006-3738







Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 389940-done@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>, 389940-done@bugs.debian.org
Subject: Re: Bug#389940: Security: OpenSSL Security Advisory [28th September 2006]
Date: Fri, 29 Sep 2006 00:22:51 +0200
Version: 0.9.8c-2

On Thu, Sep 28, 2006 at 03:46:37PM +0200, debian-bts@spamblock.netzgehirn.de wrote:
> Package: openssl
> Version: all
> Severity: critical
> Tags: security, fixed-upstream
> 
> Several critical security problems were found in OpenSSL, allowing remote DoS
> and possibly arbitrary code execution.
> 
> See
> http://www.openssl.org/news/secadv_20060928.txt
> 
> 
> CVE-2006-2937, CVE-2006-2940, CVE-2006-3738

I've uploaded openssl 0.9.8c-2 and openssl097 0.9.7k-2 to unstable,
the security team has uploaded openssl 0.9.7e-3sarge3 to stable.

I have no idea if they are going to backport the changes to openssl096.


Note that they all also fix CVE-2006-4343.


Kurt




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 08:14:25 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:02:21 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.