We have moved to a new Sailfish OS Forum. Please start new discussions there.
9

Status/Plan for latest openssl vulnerabilities (CVE 2014-0224 and others) [Fixed in Saapunki] [released]

asked 2014-06-06 08:40:31 +0200

lenggi gravatar image

updated 2014-06-11 15:47:51 +0200

chemist gravatar image

I wanted to ask what the plan is regarding the latest openssl vulnerabilities, especially CVE-2014-0224.

Can we expect it to be included with the June update (I am willing to another week if so) or would it rather be minor update as we had it with the mms fixes?

PS I would be kind of a bummer if this would have to wait until August...

The update was delayed by a few days to test this. So it is now fixed in Saapunki 1.0.7.16

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by chemist
close date 2014-06-11 15:48:08.207936

1 Answer

Sort by » oldest newest most voted
18

answered 2014-06-06 12:31:39 +0200

tigeli gravatar image

CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 will be fixed in the upcoming update.

edit flag offensive delete publish link more

Comments

Good to hear. However, did this cause extra delay? The GnuTLS library in the current release is broken as well. According to earlier comment, this will be fixed in the upcoming release too. But in the mean time, we're still vulnerable...

Fuzzillogic ( 2014-06-06 12:43:30 +0200 )edit

@Fuzzillogic If you're really worried you are a target for those exploits and you need a fix now you can upgrade the library yourself . And accept potential breakage that comes with the update.

The sane answer is. Sit back and relax, have nice $favourite_beverage and wait for the update that is coming soon ;)

Philippe De Swert ( 2014-06-06 13:52:52 +0200 )edit

Do we have an ETA for 'upcoming'?

strongm ( 2014-06-06 15:11:23 +0200 )edit

@Fuzzillogic Yes, it causes extra delay as we need to make sure everything still works after patching the openssl.

@strongm No, we do not have publicly available ETA other than early June. :)

tigeli ( 2014-06-06 17:56:41 +0200 )edit
2

Excellent! We'll soon be running out of early June ... ;-)

strongm ( 2014-06-07 01:10:29 +0200 )edit

Question tools

Follow
2 followers

subscribe to rss feed

Stats

Asked: 2014-06-06 08:40:31 +0200

Seen: 750 times

Last updated: Jun 11 '14

Related questions

[Fixed in 1.0.3.8] Crash when linking contacts? [not relevant]

Word prediction should be always turned off when entering passwords in Android apps [released]

Bug: Virtual keyboard stuck on top of applications

Android VKB saves and suggests passwords in plaintext

Push up menu and vkb small visual issue [released]

Bug: SD card formatted to ext4/btrfs is not mounted automatically [released]

AGPS lets Mobile Data become active even when connected to wifi [released]

PBAP bluetooth profile support is requested [released]

VPN client [released]

Time slider usage in video player of Gallery app causes the app to hang [duplicate]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49