Ubuntu
openssl package

Regression in openssl 1.0.1f for trusty/esm after last update

Bug #1942357 reported by Leonidas S. Barbosa on 2021-09-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Invalid	Undecided	Leonidas S. Barbosa
	Trusty	Fix Released	Undecided	Unassigned

Bug Description

A security regression was reported by Johannes Wegener that is causing a regression in the last openssl1.0.1f in trusty/esm.

[How to reproduce]
1. Install Openssl/libssl1.0.0 Version 1.0.1f-1ubuntu2.27+esm3 on
ubuntu 14.04
2. openssl s_client -connect wikipedia.org:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > wikipedia.pem
3. openssl x509 -noout -ocsp_uri -in wikipedia.pem

Expected it prints: http://r3.o.lencr.org
Issue: it's not printing anything.

Thanks Johannes for report this issue.

Leonidas S. Barbosa (leosilvab) on 2021-09-01

Changed in openssl (Ubuntu):
status:	New → In Progress
assignee:	nobody → Leonidas S. Barbosa (leosilvab)
Changed in openssl (Ubuntu Trusty):
status:	New → Confirmed

Revision history for this message

Leonidas S. Barbosa (leosilvab) wrote on 2021-09-01:

https://ubuntu.com/security/notices/USN-5051-4

Changed in openssl (Ubuntu Trusty):
status:	Confirmed → Fix Released

Dimitri John Ledkov (xnox) on 2021-09-21

Changed in openssl (Ubuntu):
status:	In Progress → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenssl package

Regression in openssl 1.0.1f for trusty/esm after last update

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
openssl package