Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-commits
Lists: gentoo-commits: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-commits@g.o
From: "Pierre-Yves Rofes (py)" <py@g.o>
Subject: gentoo commit in xml/htdocs/security/en/glsa: glsa-200710-30.xml
Date: Tue, 30 Oct 2007 21:14:05 +0000
py          07/10/30 21:14:05

  Added:                glsa-200710-30.xml
  GLSA 200710-30

Revision  Changes    Path
1.1                  xml/htdocs/security/en/glsa/glsa-200710-30.xml

file :

Index: glsa-200710-30.xml
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

<glsa id="200710-30">
  <title>OpenSSL: Remote execution of arbitrary code</title>
    OpenSSL contains a vulnerability allowing execution of arbitrary code or a
    Denial of Service.
  <product type="ebuild">openssl</product>
  <announced>October 27, 2007</announced>
  <revised>October 30, 2007: 02</revised>
    <package name="dev-libs/openssl" auto="yes" arch="*">
      <unaffected range="lt">0.9.8f</unaffected>
      <vulnerable range="ge">0.9.8f</vulnerable>
    OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
    (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
    purpose cryptography library.
    Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is
    caused due to an unspecified off-by-one error within the DTLS
  <impact type="high">
    A remote attacker could exploit this issue to execute arbitrary code or
    cause a Denial of Service. Only clients and servers explicitly using
    DTLS are affected, systems using SSL and TLS are not.
    There is no known workaround at this time.
    All OpenSSL users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose &quot;&gt;=dev-libs/openssl-0.9.8f&quot;</code>
    <uri link="">CVE-2007-4995</uri>
  <metadata tag="requester" timestamp="Tue, 16 Oct 2007 17:07:11 +0000">
  <metadata tag="bugReady" timestamp="Tue, 16 Oct 2007 17:07:40 +0000">
  <metadata tag="submitter" timestamp="Tue, 23 Oct 2007 17:06:07 +0000">

gentoo-commits@g.o mailing list

Lists: gentoo-commits: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
gentoo commit in src/releng/specs/2007.1/x86/i686: livedvd-stage1.spec
Next by thread:
gentoo commit in xml/htdocs/security/en/glsa: glsa-200710-30.xml
Previous by date:
gentoo-x86 commit in profiles: ChangeLog package.mask
Next by date:
gentoo-x86 commit in net-irc/mistbot: mistbot-0.9.ebuild

Updated Apr 11, 2012

Summary: Archive of the gentoo-commits mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.