Bug 1127896 - mingw32-openssl: multiple unfixed security flaws
Summary: mingw32-openssl: multiple unfixed security flaws
Status: CLOSED WONTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: mingw32-openssl
Version: el5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Richard W.M. Jones
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387 CVE-2009-3555 CVE-2009-4355 CVE-2010-0433 CVE-2009-3245 CVE-2010-0740 CVE-2010-0742 CVE-2010-3864 CVE-2010-4180 CVE-2011-0014 CVE-2013-0166
TreeView+ depends on / blocked
 
Reported: 2014-08-07 19:00 UTC by Tomas Hoger
Modified: 2014-09-01 13:32 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2014-09-01 13:32:29 UTC


Attachments (Terms of Use)

Description Tomas Hoger 2014-08-07 19:00:24 UTC
Looking at the list of bugs for mingw32-openssl in EPEL-5 for various security issues, I did a cross check of what's tracked, and what is listed as affecting 0.9.8j on the upstream vulnerability page:

https://www.openssl.org/news/vulnerabilities.html

The check yielded another long list of issues that were never fixed in EPEL-5.

CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0433 CVE-2010-0740 CVE-2010-0742 CVE-2010-3864 CVE-2010-4180 CVE-2011-0014 CVE-2013-0166

+ CVE-2009-0789, which may not affect mingw32-openssl

Comment 1 Erik van Pienbroek 2014-09-01 13:32:29 UTC
All mingw32 packages have been removed from EPEL-5 as per https://fedorahosted.org/rel-eng/ticket/5977


Note You need to log in before you can comment on or make changes to this bug.