Bug 26357

Summary: openssl new security issues fixed upstream in 1.1.1e
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: nicolas.salguero, rihoward1
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: openssl-1.1.1d-3.mga8.src.rpm CVE:
Status comment: Fixed upstream in 1.1.1e

Description David Walser 2020-03-18 21:30:35 CET 
OpenSSL has released 1.1.1e on March 17:
https://www.openssl.org/

They didn't post an advisory or say what the security issues are.  1.0.2 and 1.1.0 are out of support, so may also be affected.
David Walser 2020-03-18 21:30:54 CET

Status comment: (none) => Fixed upstream in 1.1.1e

Comment 1 r howard 2020-03-18 21:39:55 CET 
 David Walser Take a look at the change log at https://www.openssl.org/news/cl111.txt

CC: (none) => rihoward1

Comment 2 David Walser 2020-03-18 22:28:24 CET 
I see CVE-2019-1551.
Comment 3 Nicolas Salguero 2020-03-19 10:13:21 CET 
CVE-2019-1551 was fixed in bug 25977.

CC: (none) => nicolas.salguero

Comment 4 David Walser 2020-03-19 11:08:44 CET 
I thought that CVE looked familiar.  Hopefully that's the only security fix.  I guess we can update openssl in Cauldron and be done with this one.
Comment 5 Nicolas Salguero 2020-03-23 16:05:59 CET 
Done for Cauldron
Comment 6 David Walser 2020-03-23 19:56:46 CET 
Thanks.

Status: NEW => RESOLVED
Resolution: (none) => FIXED