On Sat, Dec 21, 2013 at 08:16:42AM +0100, Salvatore Bonaccorso wrote: > Package: openssl > Version: 1.0.1e-2 > Severity: grave > Tags: security upstream patch > > Hi, > > the following vulnerability was published for openssl. > > CVE-2013-6449[0]: > crash when using TLS 1.2 > > It was reported in Apache Traffic Server[1] and upstream at [2], see > also [3]. I was not able to reproduce any crash myself, just checking > against the openssl source package to verify upstrem patches apply. > See [4] and [5] for the patches applied.
I was expecting this, and planning an upload for it already. I'll prepare an upload later today. I have a bunch of other patches that I'd like to see reach stable, but I'm not sure how many of those you like in a DSA. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
