Issue 106876

Summary:

Update OpenSSL library

Product:

ucb

Reporter:

tkr <tobias.krause>

Component:

code

Assignee:

thorsten.martens

Status:

CLOSED FIXED

QA Contact:

issues@ucb <issues>

Severity:

Trivial

Priority:

CC:

issues

Version:

OOo 1.0.0

Target Milestone:

OOo 3.2

Hardware:

All

OS:

All

Issue Type:

DEFECT

Latest Confirmation in:

---

Developer Difficulty:

---

Issue Depends on:

Issue Blocks:

99999

Attachments:

Description	Flags
neon patch	none

Description tkr 2009-11-13 07:55:53 UTC

The currently in OOo used OpenSSL version 0.9.8k is effected by the TLS/SSL
renegotiation issue (CVE-2009-3555). The OpenSSL version 0.9.8l fixes this
vulnerability. Please update.

Comment 1 tkr 2009-11-13 08:08:29 UTC

Set target milestone OOo 3.2

Comment 2 mdxonefour 2009-11-13 08:32:48 UTC

adding to stopper meta issue

Comment 3 caolanm 2009-11-13 08:37:39 UTC

Created attachment 66086 [details]
neon patch

Comment 4 caolanm 2009-11-13 08:38:50 UTC

I don't think you'll need the above patch to neon for openssl 0.9.8l, I think
its only needed for openssl 1.0.0. But just in case you get a link error in neon
after upgrading openssl, then the above is the upstream fix for it.

Comment 5 tkr 2009-11-16 09:00:36 UTC

fixed in tkr30

Comment 6 tkr 2009-11-19 09:12:21 UTC

TKR->TM: Please verify on all platforms. To verify: Open a HTTPS connection.

Comment 7 thorsten.martens 2009-11-23 10:37:37 UTC

Checked and verified in cws tkr30 -> OK !