Details

    • Sprint:
      Security Sprint 29
    • Story Points:
      1

      Description

      We need to move from OpenSSL 1.0.2n to 1.0.2p.

      Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
      Client DoS due to large DH parameter (CVE-2018-0732)
      Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
      Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
      Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

      https://www.openssl.org/news/openssl-1.0.2-notes.html

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jp Jan-Philip Gehrcke
                Reporter:
                jp Jan-Philip Gehrcke
                Team:
                Security Team
                Watchers:
                Artem Harutyunyan, Dominik Dary, Gustav Paul, Jan-Philip Gehrcke, Mergebot, Somik Behera
              • Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: