OpenSSL has issued an advisory today (October 11): https://www.openssl.org/news/secadv/20221011.txt The issue is fixed upstream in 3.0.6. The update is committed in SVN for Cauldron, but has a test failure: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20221011211008.luigiwalser.duvel.3785240/log/openssl-3.0.6-1.mga9/build.aarch64.0.20221011215711.log
Status comment: (none) => Committed in SVN, has a test suite failure
Assigning to NicolasS as you have several CVE updates to openssl to your credit.
Assignee: bugsquad => nicolas.salguero
3.0.7 will be released on November 1 with a critical security fix: https://www.openwall.com/lists/oss-security/2022/10/25/4 It appears that 1.1.1 isn't affected. Hopefully this will also fix the test suite.
OpenSSL has issued an advisory today (November 1): https://www.openssl.org/news/secadv/20221101.txt The issues are fixed upstream in 3.0.7.
Status comment: Committed in SVN, has a test suite failure => Fixed upstream in 3.0.7Summary: openssl new security issue CVE-2022-3358 => openssl new security issues CVE-2022-3358, CVE-2022-3602, and CVE-2022-3786
The update is committed in SVN for Cauldron, but has a test failure: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20221101194220.luigiwalser.duvel.3503556/log/openssl-3.0.7-1.mga9/build.aarch64.0.20221101194314.log
Status comment: Fixed upstream in 3.0.7 => Committed in SVN, has a test suite failure
Fixed for now by reverting to 3.0.5 and adding patches for the CVEs. We should fix the failing test (or probably report it upstream) so we will be able to update it later. We don't want to spend Mageia 9's whole lifetime patching it.
Resolution: (none) => FIXEDStatus comment: Committed in SVN, has a test suite failure => (none)Status: NEW => RESOLVED