Bug 42961

Summary: Regressions regarding php in openssl CVE-2016-2182
Product: UCS Reporter: Felix Botner <botner>
Component: Security updatesAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5    
Version: UCS 4.1   
Target Milestone: UCS 4.1-4-errata   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=42487
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2016111521000294 Bug group (optional):
Max CVSS v3 score:

Comment 1 Felix Botner univentionstaff 2016-11-15 16:38:52 CET 
Replaced CVE-2016-2182 with version from debian package openssl (1.0.1t-1+deb8u5).

php test script works.

version: [3,4]
scope: ucs_4.1-0-errata4.1-4
src: openssl
fix: 1.0.2d-1.126.201611151555
Comment 2 Arvid Requate univentionstaff 2016-11-16 13:28:19 CET 
Verified:
* updated patch from package version 1.0.1t-1+deb8u5 applied via svn/patches
  (checked build log for 1.0.2d-1.126.201611151555)
* Package update works (amd64)
* Advisory: Ok
Comment 3 Janek Walkenhorst univentionstaff 2016-11-16 14:36:19 CET 
<http://errata.software-univention.de/ucs/4.1/327.html>