New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 649621 link

Starred by 1 user
Status: Duplicate
Merged: issue 647919
Owner: ----
Closed: Sep 2016
Cc:
vapier@chromium.org
andreyu@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 1
Type: Bug-Security
M54



Sign in to add a comment

OpenSSL Security Advisory [22 Sep 2016]: Upgrade Chrome OS to 1.0.2i

Project Member Reported by mnissler@chromium.org, Sep 23 2016 
OpenSSL published a security advisory: https://www.openssl.org/news/secadv/20160922.txt

Lots of low severity vulnerabilities. Judging from their descriptions, the only two high and moderate entries affect SSL/TLS servers, so probably aren't too relevant to Chrome OS.

OpenSSL 1.0.2i is out with fixes for all the vulnerabilities. It also includes fixes for all vulnerabilities in  issue 647919 .

We should upgrade to 1.0.2i, or preferably to 1.1.0a if that is feasible within a reasonable timeframe.
Project Member

Comment 1 by sheriffbot@chromium.org, Sep 23 2016

Labels: M-54

Comment 2 by vapier@chromium.org, Sep 23 2016

Mergedinto: 647919
Status: Duplicate (was: Available)
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 4 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment