[Pkg-javascript-devel] bookworm-pu: package openssl/3.0.14-1~deb12u1
Paul Gevers
elbrus at debian.org
Sat Aug 24 12:52:50 BST 2024
Hi Sebastian,
On Sat, 17 Aug 2024 23:25:28 +0200 Sebastian Andrzej Siewior
<sebastian at breakpoint.cc> wrote:
> This is a stable release update of openssl provided upstream. Besides
> regular fixes it addresses three CVEs which are clasified as minor and
> therefore not yet fixed.
> After this update one CVE remains open which has been clasified as low
> by upstream and requires more than one patch address it and I decided to
> delayed it until 3.0.15 is released.
>
> I am not aware of any fallout at this point.
Some flaky autopkgtests are failing [1], but nodejs regresses on all
architectures. It *seems* to me that's acceptable, one failure mode is
changed for another, but hopefully you or nodejs maintainers can
confirm, the regression is harmless (doesn't indicate a real issue with
the update).
Paul
[1] https://release.debian.org/proposed-updates/stable.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20240824/a7dee934/attachment.sig>
More information about the Pkg-javascript-devel
mailing list