Bug#792646: marked as done (wolfssl: CVE-2014-2901 CVE-2014-2902 CVE-2014-2903 CVE-2014-2904)

Thu, 23 Jul 2015 04:28:40 -0700 

Your message dated Thu, 23 Jul 2015 04:07:59 -0700
with message-id 
<CAFHYt55Q7wdNA4pFvS=nycnbkxk5pm7mnoxnshyx+6zxidn...@mail.gmail.com>
and subject line Vulnerabilities not present in initial upload
has caused the Debian Bug report #792646,
regarding wolfssl: CVE-2014-2901 CVE-2014-2902 CVE-2014-2903 CVE-2014-2904
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
792646: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: cyassl
Severity: grave
Tags: security

Please see https://marc.info/?l=oss-security&m=139779940032403&w=2

On a related note:
I noticed that mysql/mariadb hasn't switched to using cyassl. Without
any rev deps we should rather avoid including it in jessie IMO and
base on cyassl for jessie+1.

Cheers,
        Moritz

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
The vulnerabilities listed in the subject line (and in later messages in
the bug) were never present in the initial upload of version 3.4.8. They
were transferred from cyassl when the package name was changed.

CVE-2014-2901 fixed in upstream version 3.2.0
CVE-2014-2902 fixed in upstream version 3.2.0
CVE-2014-2903 fixed in upstream version 3.2.0
CVE-2014-2904 fixed in upstream version 3.2.0

https://www.wolfssl.com/wolfSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html

CVE-2014-6491 never present, specific to MySQL and deprecated yaSSL product
CVE-2014-6494 never present, specific to MySQL and deprecated yaSSL product
CVE-2014-6495 never present, specific to MySQL and deprecated yaSSL product
CVE-2014-6496 never present, specific to MySQL and deprecated yaSSL product
CVE-2014-6500 never present, specific to MySQL and deprecated yaSSL product

Information directly from upstream.

--- End Message ---

Reply via email to