[Pkg-openssl-devel] Bug#959469: buster-pu: package openssl/1.1.1g-1

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Sat May 2 17:36:42 BST 2020


Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

I'm fairly late, I know.
The last update was addressed via DSA providing only a patch for the CVE
with severity high. This pu updates Buster's OpenSSL version from `d' to
current `g' fixing CVE-2019-1551 which was earlier skipped due to its
low severity. 
The "EOF" bug-fix-regression introduced in `e' is reverted again in `g'.
OpenSSL now checks certificates more strictly. There should be no
problems with "officially" issued certificates but some certificates
contain an invalid (combination of) attributes which are now. The `g'
version has been in testing since 25th April and received no bug reports but
OpenSSL upstream received [0], [1] for custom issued OpenVPN
certificates.

Please find attached a compressed debdiff since last security update.

[0] https://github.com/openssl/openssl/issues/11456
[1] https://github.com/openssl/openssl/issues/11625

Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl.diff.xz
Type: application/x-xz
Size: 1022024 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20200502/5434e3c3/attachment-0001.xz>

