Issue 647919 link

Starred by 1 user

Issue metadata

Status: Archived
Owner:
Last visit > 30 days ago
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security




CrOS: Vulnerability reported in dev-libs/openssl

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 17 2016

Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: dev-libs/openssl
Package Version: [cpe:/a:openssl:openssl:1.0.2h]

Advisory: CVE-2016-2179
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-2179
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
Advisory: CVE-2016-2181
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-2181
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
Advisory: CVE-2016-2182
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-2182
  CVSS severity score: 7.5/10.0
  Confidence: high
  Description:

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Advisory: CVE-2016-6302
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6302
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
Advisory: CVE-2016-6303
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6303
  CVSS severity score: 7.5/10.0
  Confidence: high
  Description:

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.


 
I will triage this. 
Cc: vapier@chromium.org
Components: OS>Packages
Owner: kerrnel@chromium.org
Status: Started (was: Untriaged)
Fixed in: https://chromium-review.googlesource.com/#/c/387266/1. Thanks Andrey!
Cc: andreyu@google.com
Labels: Security_Severity-Medium Security_Impact-Stable

Comment 7 by sheriffbot@chromium.org, Sep 21 2016

Labels: M-54
Owner: andreyu@google.com
Andrey, will this be pulled into M-54?

Comment 9 by bugdroid1@chromium.org, Sep 22 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/9a8bddc947c1c8052bc486edcc216001cde0267a

commit 9a8bddc947c1c8052bc486edcc216001cde0267a
Author: Andrey Ulanov <andreyu@google.com>
Date: Mon Sep 19 23:32:28 2016

openssl: add a few security patches

The following CVEs are fixed:
  CVE-2016-2177
  CVE-2016-2178
  CVE-2016-2179
  CVE-2016-2181
  CVE-2016-2182
  CVE-2016-6302
  CVE-2016-6303

BUG=b:29558011
BUG=b:31562497
BUG=chromium:647919
TEST=emerge openssl

Change-Id: I8c707379daea6bde356b5989300dab60cf88881c
Reviewed-on: https://chromium-review.googlesource.com/387266
Commit-Ready: Andrey Ulanov <andreyu@google.com>
Tested-by: Andrey Ulanov <andreyu@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6302.patch
[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2181.patch
[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2182.patch
[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2179.patch
[rename] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/openssl-1.0.2h-r3.ebuild
[add] https://crrev.com/9a8bddc947c1c8052bc486edcc216001cde0267a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6303.patch

Cc: josa...@chromium.org
Labels: Merge-Request-53 Merge-Request-52 Merge-Request-54
These patches shouldn't be too much of a risk to backport.

Comment 11 by dimu@chromium.org, Sep 23 2016

Labels: -Merge-Request-52 Merge-Review-52 Hotlist-Merge-Review
[Automated comment] Request affecting a post-stable build (M52), manual review required.

Comment 12 by dimu@chromium.org, Sep 23 2016

Labels: -Merge-Request-53 Merge-Review-53
[Automated comment] Request affecting a post-stable build (M53), manual review required.

Comment 13 by dimu@chromium.org, Sep 23 2016

Labels: -Merge-Request-54 Merge-Approved-54 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M54 (branch: 2840)

Comment 14 by dimu@chromium.org, Sep 23 2016

Labels: -Merge-Request-52 Merge-Review-52 Hotlist-Merge-Review
[Automated comment] Request affecting a post-stable build (M52), manual review required.

Comment 15 by dimu@chromium.org, Sep 23 2016

Labels: -Merge-Request-53 Merge-Review-53
[Automated comment] Request affecting a post-stable build (M53), manual review required.

Comment 16 by dimu@chromium.org, Sep 23 2016

Labels: -Merge-Request-52 Merge-Review-52 Hotlist-Merge-Review
[Automated comment] Request affecting a post-stable build (M52), manual review required.

Comment 17 by sheriffbot@chromium.org, Sep 23 2016

Status: Fixed (was: Started)
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Started (was: Fixed)

Comment 19 by bugdroid1@chromium.org, Sep 23 2016

Labels: merge-merged-release-R54-8743.B
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/9f1259d730fa724e0c31ef6e7059f0fd155cf299

commit 9f1259d730fa724e0c31ef6e7059f0fd155cf299
Author: Andrey Ulanov <andreyu@google.com>
Date: Mon Sep 19 23:32:28 2016

openssl: add a few security patches

The following CVEs are fixed:
  CVE-2016-2177
  CVE-2016-2178
  CVE-2016-2179
  CVE-2016-2181
  CVE-2016-2182
  CVE-2016-6302
  CVE-2016-6303

BUG=b:29558011
BUG=b:31562497
BUG=chromium:647919
TEST=emerge openssl

Reviewed-on: https://chromium-review.googlesource.com/387266
Commit-Ready: Andrey Ulanov <andreyu@google.com>
Tested-by: Andrey Ulanov <andreyu@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Change-Id: I8c707379daea6bde356b5989300dab60cf88881c
Reviewed-on: https://chromium-review.googlesource.com/388069
Commit-Queue: Andrey Ulanov <andreyu@google.com>

[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6302.patch
[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2181.patch
[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2182.patch
[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2179.patch
[rename] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/openssl-1.0.2h-r3.ebuild
[add] https://crrev.com/9f1259d730fa724e0c31ef6e7059f0fd155cf299/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6303.patch

1.0.2j is out, fixing issues with the fixes in 1.0.2i: https://www.openssl.org/news/secadv/20160926.txt

Comment 21 by sheriffbot@chromium.org, Sep 26 2016

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Merge-Review-52 -Merge-Review-53 Merge-Approved-53

Comment 23 by bugdroid1@chromium.org, Sep 26 2016

Labels: merge-merged-release-R53-8530.B
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b

commit e49f0d3b2d1225fdf589980c2bb80753f8c91b4b
Author: Andrey Ulanov <andreyu@google.com>
Date: Mon Sep 19 23:32:28 2016

openssl: add a few security patches

The following CVEs are fixed:
  CVE-2016-2177
  CVE-2016-2178
  CVE-2016-2179
  CVE-2016-2181
  CVE-2016-2182
  CVE-2016-6302
  CVE-2016-6303

BUG=b:29558011
BUG=b:31562497
BUG=chromium:647919
TEST=emerge openssl

Previously-Reviewed-on: https://chromium-review.googlesource.com/387266
(cherry picked from commit 9a8bddc947c1c8052bc486edcc216001cde0267a)

Change-Id: I4614a9cf8f22f1d55d126e4c97a7cf86240ac75b
Reviewed-on: https://chromium-review.googlesource.com/388932
Reviewed-by: Andrey Ulanov <andreyu@google.com>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6302.patch
[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2181.patch
[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2182.patch
[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2179.patch
[rename] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/openssl-1.0.2h-r3.ebuild
[add] https://crrev.com/e49f0d3b2d1225fdf589980c2bb80753f8c91b4b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6303.patch


Comment 25 by bugdroid1@chromium.org, Sep 26 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/036df3db483ee34efe7224aa511933fcb5bb5fa3

commit 036df3db483ee34efe7224aa511933fcb5bb5fa3
Author: Andrey Ulanov <andreyu@google.com>
Date: Thu Sep 22 17:33:13 2016

openssl: update to 1.0.2j

BUG=chromium:647919
TEST=emerge openssl

Change-Id: I95a054837fe86f14cbf06994ddf609712240567a
Reviewed-on: https://chromium-review.googlesource.com/388027
Commit-Ready: Andrey Ulanov <andreyu@google.com>
Tested-by: Andrey Ulanov <andreyu@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6302.patch
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
[rename] https://crrev.com/036df3db483ee34efe7224aa511933fcb5bb5fa3/dev-libs/openssl/openssl-1.0.2j.ebuild
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2181.patch
[modify] https://crrev.com/036df3db483ee34efe7224aa511933fcb5bb5fa3/dev-libs/openssl/Manifest
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2179.patch
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2182.patch
[delete] https://crrev.com/d657468abe1e8c6102dfd42d9c7bad3e76024d81/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-6303.patch
[rename] https://crrev.com/036df3db483ee34efe7224aa511933fcb5bb5fa3/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch

Comment 27 by andreyu@google.com, Sep 26 2016

Status: Fixed (was: Started)

Comment 28 by sheriffbot@chromium.org, Sep 27 2016

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Issue 651012 has been merged into this issue.

Comment 30 by sheriffbot@chromium.org, Sep 29 2016

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 31 by andreyu@google.com, Sep 29 2016

Labels: -Merge-Approved-53 -Merge-Approved-54

Comment 32 by sheriffbot@chromium.org, Jan 3 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 33 by dchan@google.com, Mar 4 2017

Labels: VerifyIn-58

Comment 34 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 35 by dchan@google.com, May 30 2017

Labels: VerifyIn-60
Labels: VerifyIn-61

Comment 37 by dchan@chromium.org, Oct 14 2017

Status: Archived (was: Fixed)
