Bug 31853

Summary: openssl new security issue CVE-2023-1255, only for v3.x on Arm
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Salguero <nicolas.salguero>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: minor    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: aarch64   
OS: Linux   
Whiteboard:
Source RPM: openssl-3.0.8-3.mga9.src.rpm CVE:
Status comment:

Description David Walser 2023-05-01 16:38:28 CEST 
OpenSSL has issued an advisory on April 20:
https://www.openssl.org/news/secadv/20230420.txt

Only 3.x is affected (Cauldron) and only on ARM.

The next OpenSSL version will contain the fix.
Comment 1 Lewis Smith 2023-05-01 20:37:23 CEST 
ns80 is the main committer of openssl, so assigning this to you.
Is it worth waiting?

Summary: openssl new security issue CVE-2023-1255 => openssl new security issue CVE-2023-1255, only for v3.x on Arm
Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2023-05-01 22:47:31 CEST 
Hi,

openssl-3.0.8-3.mga9 already contains the fix for that CVE.

Best regards,

Nico.
Comment 3 David Walser 2023-05-02 01:35:59 CEST 
Thanks.

Status: NEW => RESOLVED
Resolution: (none) => FIXED