CVE-2016-2182.patch has broken BN_bn2dec
Bug #1626773 reported by
Jeroen Ooms
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
My software which links to libcrypto stopped working on both Ubuntu 12.04 / 14.04 / 16.04 last week.
The problem is that BN_bn2dec returns NULL all the time (without setting an error message) even for valid input values. I think is a bug in CVE-2016-
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #1 |
| Changed in openssl (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Jeroen Ooms (jeroen) wrote | #2 |
| summary: |
- CVE-2016-2182.patch has broken BN_bn2dec broken in 1.0.1 + CVE-2016-2182.patch has broken BN_bn2dec |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #3 |
Revision history for this message
| Jeroen Ooms (jeroen) wrote | #4 |
| Changed in openssl (Ubuntu): | |
| status: | Incomplete → Fix Released |
To post a comment you must log in.
Can you provide some more details? USN-3087-1 was released just a few hours ago; if your software stopped working last week, it'd be worth investigating what packages changed last week, rather than today.
Thanks