[tahoe-lafs-trac-stream] [Tahoe-LAFS] #1722: respond to OpenSSL ASN.1 parsing bug

Tahoe-LAFS trac at tahoe-lafs.org
Fri Jan 17 14:08:17 UTC 2020


#1722: respond to OpenSSL ASN.1 parsing bug
----------------------------+----------------------------------------
     Reporter:  davidsarah  |      Owner:
         Type:  defect      |     Status:  closed
     Priority:  normal      |  Milestone:  undecided
    Component:  packaging   |    Version:  1.9.1
   Resolution:  wontfix     |   Keywords:  openssl security packaging
Launchpad Bug:              |
----------------------------+----------------------------------------
Changes (by exarkun):

 * status:  new => closed
 * resolution:   => wontfix


Old description:

> http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
>
> * review source of pyOpenSSL to see what calls it makes to OpenSSL, check
> [http://www.openssl.org/news/secadv_20120419.txt assertion that SSL/TLS
> is not affected].
> * what is the impact on Tahoe, if any?
> * if needed write advisory, put on website and post to tahoe-dev
> * understand how pyOpenSSL links to OpenSSL, and whether we should change
> pyOpenSSL and bump Tahoe's dependency on it.

New description:

 http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html

 * review source of pyOpenSSL to see what calls it makes to OpenSSL, check
 [http://www.openssl.org/news/secadv_20120419.txt assertion that SSL/TLS is
 not affected].
 * what is the impact on Tahoe, if any?
 * if needed write advisory, put on website and post to tahoe-dev
 * understand how pyOpenSSL links to OpenSSL, and whether we should change
 pyOpenSSL and bump Tahoe's dependency on it.

--

Comment:

 According to the announcement the issue was fixed in 1.0.1a, 1.0.0i or
 0.9.8v.  These OpenSSL versions are all much older than what anyone should
 be using with Tahoe-LAFS in 2020.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1722#comment:5>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
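
The version check implied by the comment above, as an added example that is not part of the ticket or of Tahoe-LAFS: it parses an OpenSSL version string and reports whether it is at or past the fix releases the comment names (1.0.1a, 1.0.0i, 0.9.8v). The names `has_asn1_fix` and `letter_rank` are hypothetical, the sample strings are constructed, and treating branches newer than 1.0.1 as fixed is an assumption.

```python
import re

# Fix releases named in the ticket comment, keyed by OpenSSL release branch.
FIXED_LETTER = {(0, 9, 8): "v", (1, 0, 0): "i", (1, 0, 1): "a"}
NEWEST_LISTED = max(FIXED_LETTER)

# Matches "1.0.1", "0.9.8zh", "1.0.2k-fips"; group 4 is the patch letter(s).
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_rank(letters):
    """Order patch letters as OpenSSL issued them: '' < 'a' < 'z' < 'za'."""
    return (len(letters), letters)


def has_asn1_fix(version_text):
    """True or False for a parsed version, None if no version is found."""
    m = _VERSION.search(version_text)
    if m is None:
        return None
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    if branch in FIXED_LETTER:
        return letter_rank(m.group(4)) >= letter_rank(FIXED_LETTER[branch])
    # Assumption: branches newer than 1.0.1 carry the fix. Branches older
    # than 0.9.8 have no fix release named in the ticket, so report False.
    return branch > NEWEST_LISTED


# Constructed sample strings in the format OpenSSL reports its version.
SAMPLES = [
    "OpenSSL 0.9.8u 12 Mar 2012",
    "OpenSSL 0.9.8zh 3 Dec 2015",
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1-beta1 03 Jan 2012",
    "OpenSSL 1.1.1d  10 Sep 2019",
]

if __name__ == "__main__":
    import ssl
    # ssl.OPENSSL_VERSION is the library linked by Python's own ssl module,
    # which may differ from the one pyOpenSSL is linked against.
    for text in SAMPLES + [ssl.OPENSSL_VERSION]:
        print(f"{text!r}: fix present = {has_asn1_fix(text)}")
```
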

