[Pkg-openssl-devel] Bug#947949: openssl: CVE-2019-1551

Salvatore Bonaccorso carnil at debian.org
Thu Jan 2 19:02:57 GMT 2020


Hi Sebastian,

On Thu, Jan 02, 2020 at 06:10:06PM +0000, Sebastian Andrzej Siewior wrote:
> On January 2, 2020 3:50:46 PM UTC, Salvatore Bonaccorso <carnil at debian.org> wrote:
> >If you fix the vulnerability please also make sure to include the
> >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> There is no upstream release which includes this fix (except for the
> 1.0.2 series). Should we quickly address this or is it okay to wait
> for the next upstream release? I could do this if this is preferred
> given that this is fixed in Stretch.

I think it's perfectly fine to wait for this until there is the next
upstream release of openssl. I just filed the bug to have it
tracked, but I think it's rather minor, and it does not have an elevated
urgency to be addressed now via a DSA and cherry-picking the fix only.

Regards,
Salvatore


