| Summary: | openssl new security issues CVE-2022-3358, CVE-2022-3602, and CVE-2022-3786 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Nicolas Salguero <nicolas.salguero> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | openssl-3.0.5-1.mga9.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-10-12 02:08:26 CEST
David Walser
2022-10-12 02:08:48 CEST
Status comment:
(none) =>
Committed in SVN, has a test suite failure Assigning to NicolasS as you have several CVE updates to openssl to your credit. Assignee:
bugsquad =>
nicolas.salguero 3.0.7 will be released on November 1 with a critical security fix: https://www.openwall.com/lists/oss-security/2022/10/25/4 It appears that 1.1.1 isn't affected. Hopefully this will also fix the test suite. OpenSSL has issued an advisory today (November 1): https://www.openssl.org/news/secadv/20221101.txt The issues are fixed upstream in 3.0.7. Status comment:
Committed in SVN, has a test suite failure =>
Fixed upstream in 3.0.7 The update is committed in SVN for Cauldron, but has a test failure: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20221101194220.luigiwalser.duvel.3503556/log/openssl-3.0.7-1.mga9/build.aarch64.0.20221101194314.log Status comment:
Fixed upstream in 3.0.7 =>
Committed in SVN, has a test suite failure Fixed for now by reverting to 3.0.5 and adding patches for the CVEs. We should fix the failing test (or probably report it upstream) so we will be able to update it later. We don't want to spend Mageia 9's whole lifetime patching it. Resolution:
(none) =>
FIXED |