This bug was fixed in the package openssl - 1.0.1e-3ubuntu1.5 --------------- openssl (1.0.1e-3ubuntu1.5) saucy-security; urgency=medium
* SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297) - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using tls_session_secret_cb for session resumption in ssl/s3_clnt.c. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 12 Jun 2014 08:30:03 -0400 ** Changed in: openssl (Ubuntu Saucy) Status: Confirmed => Fix Released ** Changed in: openssl (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1329297 Title: openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1329297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs