Open registration is disabled at the moment due to spam.If you need a new account, please contact Keto on oftc.net IRC and provide your desired username and email.
This Bugzilla instance is no longer in active use, so you should only need an account if you wish to use the Sailfish OS community OBS.
Bug 336 - update openssl to 1.0.0j (or 1.0.1c) [CVE-2012-2333]
Summary: update openssl to 1.0.0j (or 1.0.1c) [CVE-2012-2333]
Status: RESOLVED FIXED
Alias: None
Product: Mer Core
Classification: Unclassified
Component: openssl (show other bugs)
Version: unspecified
Hardware: Other Mer
: High task
Assignee: Marko Saukko
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-18 20:24 UTC by -- --
Modified: 2012-07-02 19:33 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description -- -- 2012-05-18 20:24:02 UTC 
http://www.openssl.org/news/secadv_20120510.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333

http://www.openssl.org/source/
May 10 17:20:24 2012 openssl-1.0.1c.tar.gz [LATEST]
May 10 17:07:50 2012 openssl-1.0.0j.tar.gz

note: 1.0.1 is current stable branch; 1.0.0 is in bug/security fix support mode only.
Comment 1 David Greaves 2012-05-21 11:19:03 UTC 
triaged

previous ssl CVE is being reviewed then this will be actioned.
Comment 2 David Greaves 2012-06-07 15:02:04 UTC 
Mer#284 is now closed - this bug can be actioned
Comment 3 Marko Saukko 2012-07-02 19:33:04 UTC 
fixed in http://review.merproject.org/635