OpenSSL flaw in June 2012 not fixed?

Asked by A. Denton on 2012-06-25

AFAIK there were one or two flaws within openssl reported by the certs in June this year. I wonder whether none of them affects openssl 0.9.8g-4ubuntu3.19 for hardy.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Solved by:
A. Denton
Solved:
2012-06-26
Last query:
2012-06-26
Last reply:
2012-06-26

I suggest you post a bug stating that you suspect the issue may affect Hardy too, or you could post on the current bug and express your concern. Its a valid point though. Hardy server is EOL in April next year so you may want to consider upgrading.

A. Denton (aquina) said : #2

I double checked the certs and found the following:

https://www.cert-bund.de/advisoryshort/CB-K12-0208%20UPDATE%203
http://www.ubuntu.com/usn/usn-1451-1/

https://www.cert-bund.de/advisoryshort/CB-K12-0103%20UPDATE%204
http://www.ubuntu.com/usn/usn-1451-1/

https://launchpad.net/ubuntu/+source/openssl

It seems like the message from May 25th and that one from May 30th refer to the same CVE-2012-0884 and CVE-2012-2333. I must have overlooked that. :-(