Date: Fri, 02 Dec 2016 09:55:08 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 214995] security/openssl-devel: CVE-2016-2178 Message-ID: <bug-214995-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214995 Bug ID: 214995 Summary: security/openssl-devel: CVE-2016-2178 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: brnrd@freebsd.org Reporter: m.r.sopacua@gmail.com Assignee: brnrd@freebsd.org Flags: maintainer-feedback?(brnrd@freebsd.org) OpenSSL 1.1.0c is marked as vulnerable to CVE-2016-2178. Nothing in that CVE suggests OpenSSL 1.1 tree ever was vulnerable as only OpenSSL 1.0.1h and lo= wer is marked as such. Yet, pkg audit reports: openssl-devel-1.1.0c is vulnerable: OpenSSL -- vulnerability in DSA signing CVE: CVE-2016-2178 WWW: https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html 1 problem(s) in the installed packages found. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-214995-13>