Opened 15 years ago
Closed 14 years ago
#823 closed Defect (fixed)
boinc does not check the RSA_public_decrypt() return value
| Reported by: | mjakubicek | Owned by: | davea |
|---|---|---|---|
| Priority: | Critical | Milestone: | Undetermined |
| Component: | Client - Daemon | Version: | 6.6.37 |
| Keywords: | Security | Cc: | mjakubicek |
Description
Change History (4)
comment:1 Changed 15 years ago by
comment:2 Changed 15 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:3 Changed 15 years ago by
| Cc: | mjakubicek added |
|---|---|
| Resolution: | fixed |
| Status: | closed → reopened |
| Version: | 6.4.5 → 6.6.37 |
Reopening, it is still not fixed in the 6.6 branch. Please pay attention to fix bugs not only in trunk, but also in active branches, especially when it comes to security issues.
comment:4 Changed 14 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
This was fixed in the 6.6a branch.
Note: See
TracTickets for help on using
tickets.
http://openssl.org/news/secadv_20090107.txt
"[...]Recommendations for users of OpenSSL =====================================
Users of OpenSSL 0.9.8 should update to the OpenSSL 0.9.8j release which contains a patch to correct this issue.[...]"
0.9.8j is working well, we should add test cases for OpenSSL communication on BOINC alpha test