Information on source package openssl

Available versions

| Release | Version |
| --- | --- |
| squeeze, squeeze | 0.9.8o-4squeeze14 |
| wheezy | 1.0.1e-2+deb7u4 |
| wheezy | 1.0.1e-2+deb7u7 |
| jessie | 1.0.1g-2 |
| sid | 1.0.1g-3 |

Open issues

| Bug | squeeze | wheezy | jessie | sid | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-5298 | fixed | vulnerable | vulnerable | fixed | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ... |
| CVE-2012-4929 | vulnerable | vulnerable | fixed | fixed | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ... |
| CVE-2014-0076 | vulnerable | vulnerable | fixed | fixed | The Montgomery ladder implementation in OpenSSL through 1.0.0l does ... |

Open unimportant issues

| Bug | squeeze | wheezy | jessie | sid | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2007-6755 | vulnerable | vulnerable | vulnerable | vulnerable | The NIST SP 800-90A default statement of the Dual Elliptic Curve ... |
| CVE-2010-0742 | vulnerable | fixed | fixed | fixed | The Cryptographic Message Syntax (CMS) implementation in ... |
| CVE-2010-0928 | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ... |
| CVE-2011-4577 | vulnerable | fixed | fixed | fixed | OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is ... |

Resolved issues

| Bug | Description |
| --- | --- |
| CVE-2002-0655 | OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ... |
| CVE-2002-0656 | Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ... |
| CVE-2002-0657 | Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ... |
| CVE-2002-0659 | The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ... |
| CVE-2002-1568 | OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ... |
| CVE-2003-0078 | ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ... |
| CVE-2003-0131 | The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ... |
| CVE-2003-0147 | OpenSSL does not use RSA blinding by default, which allows local and ... |
| CVE-2003-0543 | Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ... |
| CVE-2003-0544 | OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ... |
| CVE-2003-0545 | Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ... |
| CVE-2004-0079 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ... |
| CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ... |
| CVE-2004-0112 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ... |
| CVE-2004-0975 | The der_chop script in the openssl package in Trustix Secure Linux 1.5 ... |
| CVE-2005-2946 | The default configuration on OpenSSL before 0.9.8 uses MD5 for ... |
| CVE-2005-2969 | The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ... |
| CVE-2006-2937 | OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ... |
| CVE-2006-2940 | OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ... |
| CVE-2006-3738 | Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ... |
| CVE-2006-4339 | OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ... |
| CVE-2006-4343 | The get_server_hello function in the SSLv2 client code in OpenSSL ... |
| CVE-2006-7250 | The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ... |
| CVE-2007-3108 | The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ... |
| CVE-2007-4995 | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ... |
| CVE-2007-5135 | Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ... |
| CVE-2008-0166 | OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based ... |
| CVE-2008-0891 | Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS ... |
| CVE-2008-1672 | OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ... |
| CVE-2008-5077 | OpenSSL 0.9.8i and earlier does not properly check the return value ... |
| CVE-2008-7270 | OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ... |
| CVE-2009-0590 | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows ... |
| CVE-2009-0591 | The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is ... |
| CVE-2009-0653 | OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ... |
| CVE-2009-0789 | OpenSSL before 0.9.8k on WIN64 and certain other platforms does not ... |
| CVE-2009-1377 | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ... |
| CVE-2009-1378 | Multiple memory leaks in the dtls1_process_out_of_seq_message function ... |
| CVE-2009-1379 | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment ... |
| CVE-2009-1386 | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ... |
| CVE-2009-1387 | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ... |
| CVE-2009-2409 | The Network Security Services (NSS) library before 3.12.3, as used in ... |
| CVE-2009-3245 | OpenSSL before 0.9.8m does not check for a NULL return value from ... |
| CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ... |
| CVE-2009-4355 | Memory leak in the zlib_stateful_finish function in ... |
| CVE-2010-0433 | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ... |
| CVE-2010-0740 | The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ... |
| CVE-2010-1378 | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly ... |
| CVE-2010-1633 | RSA verification recovery in the EVP_PKEY_verify_recover function in ... |
| CVE-2010-2939 | Double free vulnerability in the ssl3_get_key_exchange function in the ... |
| CVE-2010-3864 | Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through ... |
| CVE-2010-4180 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ... |
| CVE-2010-4252 | OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ... |
| CVE-2011-0014 | ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ... |
| CVE-2011-1945 | The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ... |
| CVE-2011-3207 | crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ... |
| CVE-2011-3210 | The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through ... |
| CVE-2011-4108 | The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ... |
| CVE-2011-4109 | Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when ... |
| CVE-2011-4354 | crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as ... |
| CVE-2011-4576 | The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ... |
| CVE-2011-4619 | The Server Gated Cryptography (SGC) implementation in OpenSSL before ... |
| CVE-2011-5095 | The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ... |
| CVE-2012-0027 | The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle ... |
| CVE-2012-0050 | OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ... |
| CVE-2012-0884 | The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 ... |
| CVE-2012-1165 | The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL ... |
| CVE-2012-2110 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL ... |
| CVE-2012-2131 | Multiple integer signedness errors in crypto/buffer/buffer.c in ... |
| CVE-2012-2333 | Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and ... |
| CVE-2012-2686 | crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the ... |
| CVE-2013-0166 | OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ... |
| CVE-2013-0169 | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ... |
| CVE-2013-4353 | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before ... |
| CVE-2013-6449 | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before ... |
| CVE-2013-6450 | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l ... |
| CVE-2014-0160 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before ... |
| CVE-2014-2234 | A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier ... |

Security announcements

| DSA | Description |
| --- | --- |
| DSA-2908-1 | openssl - security update |
| DSA-2896-1 | openssl - security update |
| DSA-2837-1 | openssl - programming error |
| DSA-2833-1 | openssl - several |
| DSA-2621-1 | openssl - several vulnerabilities |
| DSA-2475-1 | openssl - integer underflow |
| DSA-2454-2 | openssl - incomplete fix |
| DSA-2454-1 | openssl - multiple |
| DSA-2392-1 | openssl - out-of-bounds read |
| DSA-2390-1 | openssl - several |
| DSA-2343-1 | openssl - CA trust revocation |
| DSA-2309-1 | openssl - compromised certificate authority |
| DSA-2162-1 | openssl - invalid memory access |
| DSA-2141-1 | openssl - protocol design flaw |
| DSA-2125-1 | openssl - buffer overflow |
| DSA-2100-1 | openssl - double free |
| DSA-1970-1 | openssl - denial of service |
| DSA-1888-1 | openssl - cryptographic weakness |
| DSA-1763-1 | openssl openssl097 - denial of service |
| DSA-1701-1 | openssl openssl097 - cryptographic weakness |
| DSA-1571-1 | openssl - predictable random number generator |
| DSA-1379-1 | openssl - arbitrary code execution |
| DSA-1185-2 | openssl |
| DSA-1173-1 | openssl - cryptographic weakness |
| DSA-888-1 | openssl - cryptographic weakness |
| DSA-603-1 | openssl - insecure temporary file |
| DSA-465 | openssl - several vulnerabilities |
| DSA-393 | openssl - denial of service |
| DSA-288 | openssl - several vulnerabilities |
| DSA-253 | openssl - information leak |
| DSA-136 | openssl - multiple remote exploits |
