Bug #94531 for Perl-Dist-Strawberry: security: OpenSSL heartbleed bug

RT for rt.cpan.org

This queue is for tickets about the Perl-Dist-Strawberry CPAN distribution.

Report information

The Basics

Id:	94531
Status:	resolved
Priority:	0/
Queue:	Perl-Dist-Strawberry

People

Owner:	Nobody in particular
Requestors:	dolmen [...] cpan.org
Cc:
AdminCc:

Bug Information

Severity:	Critical
Broken in:	(no value)
Fixed in:	(no value)

History Show all quoted text

Tue Apr 08 04:38:11 2014 dolmen [...] cpan.org - Ticket created

Subject:

security: OpenSSL heartbleed bug

According to the release notes, all StrawberryPerl releases since at least 5.16.0.1 use OpenSSL 1.0.1c to 1.0.1e. Those versions are vulnerable to the « OpenSSL heartbleed bug » which is a major security issue as it may reveal internal OpenSSL state (such as keys) to the other party. http://heartbleed.com/ https://www.openssl.org/news/secadv_20140407.txt -- Olivier Mengué - http://perlresume.org/DOLMEN

Tue Apr 08 05:06:47 2014 kmx [...] volny.cz - Correspondence added

Subject:	Re: [rt.cpan.org #94531] security: OpenSSL heartbleed bug
Date:	Tue, 08 Apr 2014 11:06:29 +0200
To:	bug-Perl-Dist-Strawberry [...] rt.cpan.org
From:	kmx <kmx [...] volny.cz>

Thanks for your report, I'll upgrade openssl to 1.0.1g -- kmx

Tue Apr 08 05:06:47 2014 The RT System itself - Status changed from 'new' to 'open'

Tue Apr 08 12:07:42 2014 ether [...] cpan.org - Severity Critical added

Wed Sep 17 10:54:15 2014 kmx [...] cpan.org - Status changed from 'open' to 'resolved'