[Pkg-openssl-devel] Bug#1074487: Bug#1074487: CVE-2024-5535
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Tue Sep 3 12:38:58 BST 2024
On 2024-09-03 10:54:40 [+0100], Sean Whitton wrote:
> Hello openssl maintainers,
Hi,
> I'm updating openssl in bullseye as part of the LTS effort.
>
> Is there anyone working on uploading a fix for CVE-2024-5535 to sid?
> Could I be of help?
No, thank you.
That CVE is of minor severity, requires a ton of patches (incl.
follow-up) and I didn't want to bother and fix it for stable and mess
something up by accident or not cover it properly. It did not look worth
it.
And since I didn't do that I didn't have a reason to touch Sid.
Today, there will be a new OpenSSL release including the fix for it. So
this is what I intend to upload to Sid later today and approx a week
later (depending on time & testing) open a pu for Bookworm.
> Thanks.
Sebastian
More information about the Pkg-openssl-devel
mailing list