[Bug 214995] security/openssl-devel: CVE-2016-2178

Fri Dec 2 09:55:09 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214995

            Bug ID: 214995
           Summary: security/openssl-devel: CVE-2016-2178
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: brnrd at freebsd.org
          Reporter: m.r.sopacua at gmail.com
          Assignee: brnrd at freebsd.org
             Flags: maintainer-feedback?(brnrd at freebsd.org)

OpenSSL 1.1.0c is marked as vulnerable to CVE-2016-2178. Nothing in that CVE
suggests OpenSSL 1.1 tree ever was vulnerable as only OpenSSL 1.0.1h and lower
is marked as such.

Yet, pkg audit reports:
openssl-devel-1.1.0c is vulnerable:
OpenSSL -- vulnerability in DSA signing
CVE: CVE-2016-2178
WWW:
https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html

1 problem(s) in the installed packages found.

-- 
You are receiving this mail because:
You are the assignee for the bug.