26357 – openssl new security issues fixed upstream in 1.1.1e

Bug 26357 - openssl new security issues fixed upstream in 1.1.1e

Summary: openssl new security issues fixed upstream in 1.1.1e

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-03-18 21:30 CET by David Walser
Modified:	2020-03-23 19:56 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	openssl-1.1.1d-3.mga8.src.rpm
CVE:
Status comment:	Fixed upstream in 1.1.1e

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-03-18 21:30:35 CET

OpenSSL has released 1.1.1e on March 17:
https://www.openssl.org/

They didn't post an advisory or say what the security issues are.  1.0.2 and 1.1.0 are out of support, so may also be affected.

David Walser 2020-03-18 21:30:54 CET

Status comment: (none) => Fixed upstream in 1.1.1e

Comment 1 r howard 2020-03-18 21:39:55 CET

 David Walser Take a look at the change log at https://www.openssl.org/news/cl111.txt

CC: (none) => rihoward1

Comment 2 David Walser 2020-03-18 22:28:24 CET

I see CVE-2019-1551.

Comment 3 Nicolas Salguero 2020-03-19 10:13:21 CET

CVE-2019-1551 was fixed in bug 25977.

CC: (none) => nicolas.salguero

Comment 4 David Walser 2020-03-19 11:08:44 CET

I thought that CVE looked familiar.  Hopefully that's the only security fix.  I guess we can update openssl in Cauldron and be done with this one.

Comment 5 Nicolas Salguero 2020-03-23 16:05:59 CET

Done for Cauldron

Comment 6 David Walser 2020-03-23 19:56:46 CET

Thanks.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.