[tahoe-lafs-trac-stream] [tahoe-lafs] #1722: respond to OpenSSL ASN.1 parsing bug
tahoe-lafs
trac at tahoe-lafs.org
Tue Nov 13 23:29:46 UTC 2012
#1722: respond to OpenSSL ASN.1 parsing bug
----------------------------+----------------------------------------
Reporter: davidsarah | Owner:
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: packaging | Version: 1.9.1
Resolution: | Keywords: openssl security packaging
Launchpad Bug: |
----------------------------+----------------------------------------
Changes (by zooko):
* priority: critical => normal
Old description:
> http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
>
> * review source of pyOpenSSL to see what calls it makes to OpenSSL, check
> [http://www.openssl.org/news/secadv_20120419.txt assertion that SSL/TLS
> is not affected].
> * what is the impact on Tahoe, if any?
> * if needed write advisory, put on website and post to tahoe-dev
> * understand how pyOpenSSL links to OpenSSL, and whether we should change
> pyOpenSSL and bump Tahoe's dependency on it.
New description:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
* review source of pyOpenSSL to see what calls it makes to OpenSSL, check
[http://www.openssl.org/news/secadv_20120419.txt assertion that SSL/TLS is
not affected].
* what is the impact on Tahoe, if any?
* if needed write advisory, put on website and post to tahoe-dev
* understand how pyOpenSSL links to OpenSSL, and whether we should change
pyOpenSSL and bump Tahoe's dependency on it.
--
Comment:
I'm assuming that this isn't "Priority: Critical", if only because so much
time has passed, and the (uncertain) comments from warner and davidsarah
made it sound like it was unlikely to be a problem for us. Of course, it
would still be good to make sure!
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1722#comment:4>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list