Bug 12557 (int-173135)

Summary: openssl: CVE-2010-0742: Cryptographic Message Syntax vulnerability
Product: [Extras] Maemo 5 Community SSU Reporter: Andre Klapper <andre_klapper>
Component: generalAssignee: unassigned <nobody>
Status: RESOLVED FIXED QA Contact: general
Severity: major    
Priority: Unspecified CC: christian_ratzenhofer
Version: testingKeywords: patch, security
Target Milestone: ---   
Hardware: N900   
OS: Maemo   

Description Andre Klapper (reporter) maemo.org 2012-01-21 19:01:53 UTC
SOFTWARE VERSION:
21.2011.38-1Tmaemo1.2 (17.01.2012)
openssl 0.9.8n-1+maemo4+0m5 as officially shipped

DESCRIPTION:
See https://www.redhat.com/security/data/cve/CVE-2010-0742.html

UPSTREAM PATCH:
http://cvs.openssl.org/chngview?cn=19693
Comment 1 Christian Ratzenhofer 2012-04-07 20:07:10 UTC
This has been fixed for the Community SSU Updates in package
openssl (0.9.8n-1+maemo4+0m5+0cssu0)
which is part of the build version
21.2011.38-1Tmaemo3
(Note: 21.2011.38-1is the latest official Nokia version.
The number after it indicates the Community SSU release version.)

Commit:
https://gitorious.org/community-ssu/openssl/commit/284e632b1dc7772d7e118b7527967126438e3644

For more information about Community SSU please see
http://wiki.maemo.org/Community_SSU