[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.007-openssl.txt

2004-03-18 Thread Ralf S. Engelschall
  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  

  Server: cvs.openpkg.org  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs   Email:  [EMAIL PROTECTED]
  Module: openpkg-web  Date:   18-Mar-2004 14:21:15
  Branch: HEAD Handle: 2004031813211400

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.007-openssl.txt

  Log:
release OpenPKG Security Advisory 2004.007 (openssl)

  Summary:
    Revision    Changes     Path
    1.5         +10 -0      openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  
  $ cvs diff -u -r1.4 -r1.5 OpenPKG-SA-2004.007-openssl.txt
  --- openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 13:19:40 
-  1.4
  +++ openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 13:21:14 
-  1.5
  @@ -1,3 +1,6 @@
  +-BEGIN PGP SIGNED MESSAGE-
  +Hash: SHA1
  +
   
   
   OpenPKG Security AdvisoryThe OpenPKG Project
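Review bot: the clearsign header added at the top fixes the digest at "Hash: SHA1", which is no longer collision-resistant; if the advisory is ever re-signed, use a SHA-2 digest (for GnuPG, --digest-algo SHA256). Because the signed text now lives in the same CVS file that earlier revisions were still editing, any later change to the body needs a fresh signature, so this should remain the last commit to the file.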
  @@ -121,3 +124,10 @@
   for details on how to verify the integrity of this advisory.
   
   
  +-BEGIN PGP SIGNATURE-
  +Comment: OpenPKG <[EMAIL PROTECTED]>
  +
  +iD8DBQFAWaI6gHWT4GPEy58RAno0AJ9tgZtLU1hS1tZ2rlgTfL/DLOuSlQCfZMyY
  +p260tn2cKSH49rGk8H4aft0=
  +=ur9l
  +-END PGP SIGNATURE-
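Review bot: the "Comment:" line inside the signature block is an armor header and is not covered by the signature, so the address shown there proves nothing about who signed. Readers should rely only on verifying the block against the project's published key, as the context line just above the signature ("for details on how to verify the integrity of this advisory") directs; consider dropping the comment line to avoid suggesting otherwise.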
  @@ .
__
The OpenPKG Project    www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]


[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.007-openssl.txt

2004-03-18 Thread Ralf S. Engelschall
  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  

  Server: cvs.openpkg.org  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs   Email:  [EMAIL PROTECTED]
  Module: openpkg-web  Date:   18-Mar-2004 14:19:40
  Branch: HEAD Handle: 2004031813194000

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.007-openssl.txt

  Log:
flush pending changes

  Summary:
    Revision    Changes     Path
    1.4         +13 -13     openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  
  $ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2004.007-openssl.txt
  --- openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 13:18:38 
-  1.3
  +++ openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 13:19:40 
-  1.4
  @@ -24,18 +24,18 @@
links lynx lyx mailsync mico mixmaster monit
mozilla mutt mutt15 mysqlcc nagios nail neon
nessus-libs nessus-tool netdude nmap openldap
  - openssh openssl openvpn orbit2 perl-ldap perl-net
  - perl-ssl perl-www pgadmin php php3 php5 pine
  - postfix postgresql pound proftpd qpopper qt samba
  - samba3 sasl scribus sendmail siege sio sitecopy
  - snort socat squid stunnel subversion suck tcpdump
  + openssh openvpn orbit2 perl-ldap perl-net perl-ssl
  + perl-www pgadmin php php3 php5 pine postfix
  + postgresql pound proftpd qpopper qt samba samba3
  + sasl scribus sendmail siege sio sitecopy snort
  + socat squid stunnel subversion suck tcpdump
tinyproxy vorbis-tools w3m wget xine-ui
   
   OpenPKG 2.0  apache cadaver cpu curl distcache ethereal
  - fetchmail imap imapd imaputils inn ldapdiff ldapvi
  - links lynx mailsync mico mozilla mutt nail neon
  - nessus-libs nessus-tool nmap openldap openssh
  - openssl perl-ldap perl-net perl-ssl perl-www php
  + fetchmail imap imapd imaputils inn ldapdiff
  + ldapvi links lynx mailsync mico mozilla mutt
  + nail neon nessus-libs nessus-tool nmap openldap
  + openssh perl-ldap perl-net perl-ssl perl-www php
pine postfix postgresql proftpd qpopper qt samba
sasl sendmail siege sio sitecopy snort socat
squid stunnel subversion suck tcpdump tinyproxy
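Review bot: the only content change in the CURRENT and 2.0 lists is that "openssl" is dropped after "openssh", but the surrounding lines are re-wrapped, so the removal is buried in whitespace churn, and the log message "flush pending changes" does not mention it. The package list is what administrators act on, so keep the existing line breaks where possible and name the removal in the log, so that anyone comparing revisions of the advisory can see what changed.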
  @@ -43,10 +43,10 @@
   
   OpenPKG 1.3  apache cpu curl ethereal fetchmail imap imapd
inn links lynx mico mutt nail neon nmap openldap
  - openssh openssl perl-ldap perl-net perl-ssl
  - perl-www php postfix postgresql proftpd qpopper
  - samba sasl sendmail siege sio sitecopy snort socat
  - squid stunnel suck tcpdump vorbis-tools w3m wget
  + openssh perl-ldap perl-net perl-ssl perl-www php
  + postfix postgresql proftpd qpopper samba sasl
  + sendmail siege sio sitecopy snort socat squid
  + stunnel suck tcpdump vorbis-tools w3m wget
   
(*) many packages are only affected if they (or their
underlying packages) used certain TLS/SSL related
  @@ .


[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.007-openssl.txt

2004-03-18 Thread Ralf S. Engelschall
  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  

  Server: cvs.openpkg.org  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs   Email:  [EMAIL PROTECTED]
  Module: openpkg-web  Date:   18-Mar-2004 14:18:38
  Branch: HEAD Handle: 2004031813183800

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.007-openssl.txt

  Log:
flush pending changes

  Summary:
    Revision    Changes     Path
    1.3         +10 -10     openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  
  $ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2004.007-openssl.txt
  --- openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 12:39:10 
-  1.2
  +++ openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 13:18:38 
-  1.3
  @@ -48,28 +48,28 @@
samba sasl sendmail siege sio sitecopy snort socat
squid stunnel suck tcpdump vorbis-tools w3m wget
   
  - (*) many packages are only affected if they or their
  - underlying packages used certain TLS/SSL related
  + (*) many packages are only affected if they (or their
  + underlying packages) used certain TLS/SSL related
options ("with_xxx") during build time. Above is
a worst case list. Packages known to only use
libcrypo without libssl are not affected and were
already omitted from the list.
   
   Description:
  -  According to an OpenSSL [0] security advisory [1], denial of service
  +  According to an OpenSSL [0] security advisory [1], a denial of service
 vulnerabilities exist in OpenSSL versions 0.9.6c to 0.9.6l inclusive
 and versions 0.9.7a to 0.9.7c inclusive.
   
 Testing performed by the OpenSSL group uncovered a null-pointer
 assignment in the do_change_cipher_spec() function. The Common
 Vulnerabilities and Exposures (CVE) project assigned the id
  -  CAN-2004-0079 [3] to the problem.
  +  CAN-2004-0079 [2] to the problem.
   
 Stephen Henson discovered a flaw in SSL/TLS handshaking code
  -  when using Kerberos ciphersuites. The OpenPKG makes no use of
  -  this functionality but the patch was included anyway. The Common
  -  Vulnerabilities and Exposures (CVE) project assigned the id
  -  CAN-2004-0112 [2] to the problem.
  +  when using Kerberos ciphersuites. The OpenPKG packages make no
  +  use of this functionality but the patch was included anyway. The
  +  Common Vulnerabilities and Exposures (CVE) project assigned the id
  +  CAN-2004-0112 [3] to the problem.
   
 Please check whether you are affected by running "/bin/rpm -q
 openssl". If you have the "openssl" package installed and its version
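Review bot: the new Description line "a denial of service vulnerabilities exist" pairs a singular article with a plural noun and verb. The text goes on to describe two issues (CAN-2004-0079 and CAN-2004-0112), so the original wording without "a" was correct and should be restored. The unchanged context line "libcrypo without libssl" misspells libcrypto and could be fixed while this paragraph is open. The swap of [2] and [3] is right: it now matches the References list, where [2] is CAN-2004-0079 and [3] is CAN-2004-0112.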
  @@ -101,8 +101,8 @@
   
   
   References:
  -  [0] http://www.openssl.org/news/secadv_20040317.txt
  -  [1] http://www.openssl.org/
  +  [0] http://www.openssl.org/
  +  [1] http://www.openssl.org/news/secadv_20040317.txt
 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
 [4] http://www.openpkg.org/tutorial.html#regular-source
  @@ .


[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.007-openssl.txt

2004-03-18 Thread Thomas Lotterer
  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  

  Server: cvs.openpkg.org  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs   Email:  [EMAIL PROTECTED]
  Module: openpkg-web  Date:   18-Mar-2004 13:39:10
  Branch: HEAD Handle: 2004031812391000

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.007-openssl.txt

  Log:
update package list; log kerberos issue; renumber links

  Summary:
    Revision    Changes     Path
    1.2         +58 -46     openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt
  
  $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.007-openssl.txt
  --- openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 10:02:38 
-  1.1
  +++ openpkg-web/security/OpenPKG-SA-2004.007-openssl.txt  18 Mar 2004 12:39:10 
-  1.2
  @@ -1,6 +1,3 @@
  --BEGIN PGP SIGNED MESSAGE-#FIXME, this is a template
  -Hash: SHA1#FIXME, this is a template
  -  #FIXME, this is a template
   
   
   OpenPKG Security AdvisoryThe OpenPKG Project
  @@ -18,31 +15,45 @@
   OpenPKG 2.0  <= openssl-0.9.7c-2.0.0 >= openssl-0.9.7c-2.0.1
   OpenPKG 1.3  <= openssl-0.9.7b-1.3.2 >= openssl-0.9.7b-1.3.3
   
  -Affected Releases:   Dependent Packages:
  +Affected Releases:   Dependent Packages: (*)
   
  -OpenPKG CURRENT  same as OpenPKG 2.0 FIXME this list needs review
  -
  -OpenPKG 2.0  apache* bind blender cadaver cfengine cpu cups curl
  - distcache dsniff easysoap ethereal* exim fetchmail
  - imap imapd imaputils inn jabberd kde-base kde-libs
  - linc links lynx mailsync meta-core mico* mixmaster
  - monit* mozilla mutt mutt15 nail neon nessus-libs
  - nmap openldap openssh openvpn perl-ssl pgadmin php*
  - pine* postfix* postgresql pound proftpd* qpopper
  - rdesktop samba samba3 sasl scanssh sendmail* siege
  - sio* sitecopy snmp socat squid* stunnel subversion
  - suck sysmon tcpdump tinyca w3m wget xmlsec
  -
  -OpenPKG 1.3  apache* bind cfengine cpu curl ethereal* fetchmail
  - imap imapd inn links lynx mico* mutt nail neon
  - openldap openssh perl-ssl php* postfix* postgresql
  - proftpd* qpopper rdesktop samba sasl scanssh
  - sendmail* siege sio* sitecopy snmp socat squid*
  - stunnel suck sysmon tcpdump tinyca w3m wget xmlsec
  -
  - (*) marked packages are only affected if certain build
  - options ("with_xxx") were used at build time. See
  - Appendix below for details.
  +OpenPKG CURRENT  apache blender cadaver cpu cups curl distcache
  + dsniff easysoap ethereal ettercap exim fetchmail
  + firefox gq imap imapd imaputils inn jabberd
  + kde-base kde-libs ldapdiff ldapvi libnetdude linc
  + links lynx lyx mailsync mico mixmaster monit
  + mozilla mutt mutt15 mysqlcc nagios nail neon
  + nessus-libs nessus-tool netdude nmap openldap
  + openssh openssl openvpn orbit2 perl-ldap perl-net
  + perl-ssl perl-www pgadmin php php3 php5 pine
  + postfix postgresql pound proftpd qpopper qt samba
  + samba3 sasl scribus sendmail siege sio sitecopy
  + snort socat squid stunnel subversion suck tcpdump
  + tinyproxy vorbis-tools w3m wget xine-ui
  +
  +OpenPKG 2.0  apache cadaver cpu curl distcache ethereal
  + fetchmail imap imapd imaputils inn ldapdiff ldapvi
  + links lynx mailsync mico mozilla mutt nail neon
  + nessus-libs nessus-tool nmap openldap openssh
  + openssl perl-ldap perl-net perl-ssl perl-www php
  + pine postfix postgresql proftpd qpopper qt samba
  + sasl sendmail siege sio sitecopy snort socat
  + squid stunnel subversion suck tcpdump tinyproxy
  + vorbis-tools w3m wget
  +
  +OpenPKG 1.3  apache cpu curl ethereal fetchmail imap imapd
  + inn links lynx mico mutt nail neon n
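Review bot: the added CURRENT and 2.0 lists name "openssl" itself under "Dependent Packages" ("+ openssh openssl openvpn", "+ openssl perl-ldap"), although openssl is the affected package already covered by the version table in the context lines above; it should be removed from the dependent lists. The per-package "*" markers on entries such as apache*, php* and postfix* are also replaced by a single "(*)" on the column header, so readers can no longer tell which packages are affected only under certain build options; if that loss is intended, the footnote should say plainly that the list is a worst case.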