Issue metadata
Sign in to add a comment
|
Multiple Security vulnerabilities in OpenVPN |
||||||||||||||||||||||
Issue descriptionSee https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/ Nothing really critical as far as I can see. In particular, the vulnerabilities that affect the client side are only relevant to connections via NTLM2 proxies (I don't know what I'm talking about, but I'd think we don't support this). The data leak vulnerability puts user passwords at risk, so setting medium severity tentatively to err on the safe side. We should upgrade to a version that contains fixes eventually, but not super urgent. Over to cernekee@ to triage further.
,
Jun 21 2017
,
Jun 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/31d24608405dcbcc339404cacdb0297cdccfebf6 commit 31d24608405dcbcc339404cacdb0297cdccfebf6 Author: Kevin Cernekee <cernekee@chromium.org> Date: Mon Jun 26 20:25:23 2017 net-vpn/openvpn: Upgrade to v2.4.3 from upstream This is a minor bugfix release. BUG= chromium:735419 TEST=autotests Change-Id: Ie8a280738a5d9074e98c8c57c66789dc1b41650a Reviewed-on: https://chromium-review.googlesource.com/546856 Commit-Ready: Kevin Cernekee <cernekee@chromium.org> Tested-by: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> [rename] https://crrev.com/31d24608405dcbcc339404cacdb0297cdccfebf6/net-vpn/openvpn/openvpn-2.4.3.ebuild [add] https://crrev.com/31d24608405dcbcc339404cacdb0297cdccfebf6/net-vpn/openvpn/openvpn-2.4.3-r1.ebuild [modify] https://crrev.com/31d24608405dcbcc339404cacdb0297cdccfebf6/net-vpn/openvpn/Manifest [delete] https://crrev.com/8adcc50dac1910e2aa2e3250ba7a41542b0ebc7d/net-vpn/openvpn/openvpn-2.4.2-r1.ebuild
,
Jun 29 2017
Can we mark this bug as fixed now that the upgrade has been committed? - you friendly secondary security sheriff
,
Jul 5 2017
cernekee: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 11 2017
,
Jul 11 2017
All done here.
,
Jul 11 2017
,
Oct 17 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 22 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jun 21 2017