[Pkg-openssl-devel] Bug#1066116: libssl3: 3.1.4-2 NEWS entry seems incorrect
Calum McConnell
calumlikesapplepie at gmail.com
Tue Mar 12 20:38:25 GMT 2024
Package: libssl3
Version: 3.1.5-1
Severity: minor
The news entry for 3.1.4-2 says, "TLSv1.0, TLSv1.1 and DTLS 1.0 work only at security level 0 (it was
previously allowed at security level 0)"
By my reading, this is saying that 3.1.4-2 changes legacy TLS to work only at security level zero,
from the previous state of... them working only at security level zero. In other words, that there
is no change.
I couldn't find the commit that changed this, so I can't say what the parenthetical should contain;
please consider either dropping the "it was previously allowed..." section, or changing it to
"allowed at security level 2" or whatever the correct answer is.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-18-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libssl3 depends on:
ii libc6 2.37-15
libssl3 recommends no packages.
libssl3 suggests no packages.
-- no debconf information
More information about the Pkg-openssl-devel
mailing list