[Bug 146269]

Fri Oct 14 20:16:36 UTC 2011

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

** Changed in: openssl097 (Ubuntu Dapper)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/146269

Title:
  [openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer
  overflow

Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl097” package in Ubuntu:
  Invalid
Status in “openssl” source package in Dapper:
  Fix Released
Status in “openssl097” source package in Dapper:
  Won't Fix
Status in “openssl” source package in Feisty:
  Fix Released
Status in “openssl097” source package in Feisty:
  Won't Fix
Status in “openssl” source package in Gutsy:
  Fix Released
Status in “openssl097” source package in Gutsy:
  Invalid

Bug description:
  Binary package hint: openssl

  openssl 0.9.8e and 0.9.7k still have a off-by-one buffer overflow...
  this is fixed in latest openssl CVS...

  Read about it: http://www.securityfocus.com/archive/1/480855/30/0/threaded
  And CVS Fix: http://cvs.openssl.org/chngview?cn=16587

  Please find attached a debdiff against latest version of openssl in
  gutsy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/146269/+subscriptions