[MacPorts] #38015: OpenSSL 1.0.1d Broken

Mon Feb 11 01:24:31 PST 2013

#38015: OpenSSL 1.0.1d Broken
--------------------------+-------------------
  Reporter:  dylanryan@…  |      Owner:  mww@…
      Type:  defect       |     Status:  new
  Priority:  Normal       |  Milestone:
 Component:  ports        |    Version:  2.1.3
Resolution:               |   Keywords:
      Port:  OpenSSL      |
--------------------------+-------------------

Comment (by cal@…):

 Replying to [comment:6 jmr@…]:
 > Please apply the fix rather than reverting to 1.0.1c, as 1.0.1d also
 fixes some CVEs.

 The commit that broke compatibility in the first place was the one fixing
 two out of three of these CVEs. I haven't found any comment by upstream on
 whether they claim their fix for the issue also closes these. The third
 CVE left over is only a DoS. Debian is holding off the update, and so
 should we, unless somebody of you knows his way around the crypto code at
 hand (people have previously failed at patching openssl…).

-- 
Ticket URL: <https://trac.macports.org/ticket/38015#comment:8>
MacPorts <http://www.macports.org/>
Ports system for Mac OS