Hi Kurt, On Sat, Dec 21, 2013 at 09:35:38AM +0100, Kurt Roeckx wrote: > On Sat, Dec 21, 2013 at 08:16:42AM +0100, Salvatore Bonaccorso wrote: > > Package: openssl > > Version: 1.0.1e-2 > > Severity: grave > > Tags: security upstream patch > > > > Hi, > > > > the following vulnerability was published for openssl. > > > > CVE-2013-6449[0]: > > crash when using TLS 1.2 > > > > It was reported in Apache Traffic Server[1] and upstream at [2], see > > also [3]. I was not able to reproduce any crash myself, just checking > > against the openssl source package to verify upstrem patches apply. > > See [4] and [5] for the patches applied. > > I was expecting this, and planning an upload for it already. I'll > prepare an upload later today.
Thanks! > I have a bunch of other patches that I'd like to see reach stable, > but I'm not sure how many of those you like in a DSA. Okay. Could you sent what you are thinking off, to the security team alias, so that somebody the team can comment/have a look/...? Is this about #720426? (If so an 'ack' from the Release Team would be needed also to have them included). Regards, Salvatore
signature.asc
Description: Digital signature
