[Pkg-openssl-devel] Bug#1074487: Bug#1074487: CVE-2024-5535
Sean Whitton
spwhitton at spwhitton.name
Wed Sep 4 09:12:22 BST 2024
Hello,
On Tue 03 Sep 2024 at 01:38pm +02, Sebastian Andrzej Siewior wrote:
> On 2024-09-03 10:54:40 [+0100], Sean Whitton wrote:
>> Hello openssl maintainers,
> Hi,
>
>> I'm updating openssl in bullseye as part of the LTS effort.
>>
>> Is there anyone working on uploading a fix for CVE-2024-5535 to sid?
>> Could I be of help?
>
> No, thank you.
> That CVE is of minor severity, requires a ton of patches (incl.
> follow-up) and I didn't want to bother and fix it for stable and mess
> something up by accident or not cover it properly. It did not look worth
> it.
> And since I didn't do that I didn't have a reason to touch Sid.
> Today, there will be a new OpenSSL release including the fix for it. So
> this is what I intend to upload to Sid later today and approx a week
> later (depending on time & testing) open a pu for Bookworm.
Okay. Many thanks for the update.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20240904/945f9cc4/attachment.sig>
More information about the Pkg-openssl-devel
mailing list