Ubuntu
openssl package

CVE-2011-4109 erroneously listed in changelog as CVE-2011-4019

Bug #1046462 reported by juhemo
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Won't Fix
Undecided
Unassigned
openssl098 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

While researching repair status for CVE-2011-4109 on Ubuntu 10.04 LTS, found details in changelog for CVE-2011-4019, which appear consistent with CVE-2011-4109. I believe that -4109 has been repaired , but has erroneously been added to the changelog as -4019. -4019 pertains to a Cisco product.

Changelog: https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8

Referred here after posting question to https://answers.launchpad.net/ubuntu/+source/openssl098/+question/207684

CVE References

Revision history for this message
juhemo (jheathmoore) wrote :

Believe I misfiled this bug under package "openssl098". Primary package is openssl, though openssl098 is likewise affected.

affects: openssl098 (Ubuntu) → openssl (Ubuntu)
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Fixed in later releases, this patch has been removed in raring (and I think previous releases)
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Changed in openssl (Ubuntu):
status: New → Incomplete
status: Incomplete → Invalid
Changed in openssl098 (Ubuntu):
status: New → Invalid
Changed in openssl (Ubuntu):
status: Invalid → Confirmed
Revision history for this message
Adrien Nader (adrien) wrote :

There is no mention of either CVE-2011-4019 or 4109 at the moment in debian/changelog. As such there is nothing to do.

Nick Rosbrook (enr0n)
Changed in openssl (Ubuntu):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.