Ubuntu
openslp-dfsg package

  1. Bug #314776
  2. Activity log

Activity log for bug #314776

Date Who What changed Old value New value Message
2009-01-07 16:52:27 Till Ulen bug added bug
2009-01-07 16:52:45 Till Ulen who_made_private a-konovalenko
2009-01-07 16:53:37 Till Ulen bug assigned to ntp (Ubuntu)
2009-01-07 16:54:14 Till Ulen bug assigned to bind9 (Ubuntu)
2009-01-07 18:22:42 Jamie Strandboge openssl: status New Fix Committed
2009-01-07 18:22:42 Jamie Strandboge openssl: assignee jdstrand
2009-01-07 18:22:42 Jamie Strandboge openssl: statusexplanation Thank you for using Ubuntu and taking the time to report a bug.
2009-01-07 18:23:19 Jamie Strandboge ntp: status New Fix Committed
2009-01-07 18:23:19 Jamie Strandboge ntp: assignee jdstrand
2009-01-07 18:23:19 Jamie Strandboge ntp: statusexplanation
2009-01-07 18:23:47 Jamie Strandboge bind9: status New In Progress
2009-01-07 18:23:47 Jamie Strandboge bind9: assignee jdstrand
2009-01-07 18:23:47 Jamie Strandboge bind9: statusexplanation
2009-01-07 22:27:49 Jamie Strandboge openssl: status Fix Committed Fix Released
2009-01-07 22:27:49 Jamie Strandboge openssl: statusexplanation Thank you for using Ubuntu and taking the time to report a bug. OpenSSL issue is fixed in http://www.ubuntu.com/usn/usn-704-1.
2009-01-07 23:34:50 Kees Cook bug assigned to openslp-dfsg (Ubuntu)
2009-01-07 23:35:03 Kees Cook openslp-dfsg: status New Triaged
2009-01-07 23:35:03 Kees Cook openslp-dfsg: assignee jdstrand
2009-01-07 23:35:03 Kees Cook openslp-dfsg: statusexplanation
2009-01-07 23:35:41 Kees Cook bind9: importance Undecided High
2009-01-07 23:35:52 Kees Cook ntp: importance Undecided High
2009-01-07 23:36:02 Kees Cook openslp-dfsg: importance Undecided High
2009-01-07 23:36:11 Kees Cook openssl: importance Undecided High
2009-01-07 23:36:11 Kees Cook openssl: statusexplanation OpenSSL issue is fixed in http://www.ubuntu.com/usn/usn-704-1.
2009-01-08 00:45:05 Jamie Strandboge bind9: status In Progress Fix Committed
2009-01-08 18:52:01 Jamie Strandboge ntp: status Fix Committed Fix Released
2009-01-08 18:52:01 Jamie Strandboge ntp: statusexplanation ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates. - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly check the return code of EVP_VerifyFinal() - CVE-2009-0021
2009-01-08 19:48:24 Jamie Strandboge ntp: importance High Medium
2009-01-08 19:48:24 Jamie Strandboge ntp: statusexplanation ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates. - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly check the return code of EVP_VerifyFinal() - CVE-2009-0021
2009-01-08 19:48:42 Jamie Strandboge bind9: importance High Medium
2009-01-09 02:40:30 Jamie Strandboge openslp-dfsg: status Triaged In Progress
2009-01-09 04:51:21 Jamie Strandboge bind9: status Fix Committed Fix Released
2009-01-09 04:51:21 Jamie Strandboge bind9: statusexplanation bind9 (1:9.5.0.dfsg.P2-5ubuntu1) jaunty; urgency=low * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates. - update lib/dns/openssldsa_link.c to properly check the return code of DSA_do_verify() - CVE-2009-0025
2009-01-09 13:23:56 Jamie Strandboge openslp-dfsg: importance High Medium
2009-01-09 14:40:39 Jamie Strandboge openslp-dfsg: status In Progress Won't Fix
2009-01-09 14:40:39 Jamie Strandboge openslp-dfsg: importance Medium Low
2009-01-09 14:40:39 Jamie Strandboge openslp-dfsg: statusexplanation openslp as of 1.2.1-5 (the one shipped in Dapper), doesn't build with --enable-security and in fact Build-Conflicts against libssl-dev (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337606), so the package would need significant changes to be affected by this bug.