Proposed package update following CVE-2015-1793 9th July 2015

Asked by Duncan Bell on 2015-07-10

Following security advisory from the openssl team, when will a new Ubuntu package be available with this fix in, or is this already in the package?

CVE-2015-1793

https://www.openssl.org/news/secadv_20150709.txt

https://www.openssl.org/source/

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
2015-07-10
Last query:
2015-07-10
Last reply:
2015-07-10

I suggest you report a bug. Mark it as a security bug

Best Manfred Hampl (m-hampl) said : #2

see http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1793.html

This vulnerability only affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o, and only the development version Ubuntu 15.04 contains one of these; and fur this one the update from 1.0.2c to 1.0.2d is already in progress (currently in wily-proposed).

Duncan Bell (duncanfbell) said : #3

Thanks Manfred Hampl, that solved my question.