[Bug 1329297] Re: openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST

Launchpad Bug Tracker Thu, 12 Jun 2014 10:01:24 -0700

This bug was fixed in the package openssl - 1.0.1f-1ubuntu5

---------------
openssl (1.0.1f-1ubuntu5) utopic; urgency=medium


  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Thu, 12 Jun 2014 08:23:12 
-0400

** Changed in: openssl (Ubuntu Utopic)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0224

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1329297

Title:
  openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1329297/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1329297] Re: openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST

Reply via email to