Bug#1050573: bullseye-pu: package openssl/1.1.1v-0~deb11u1
On 2023-08-26 14:50:09 [+0200], To submit@bugs.debian.org wrote:
> Package: release.debian.org
> Control: affects -1 + src:openssl
> User: release.debian.org@packages.debian.org
> Usertags: pu
> Tags: bullseye
> Severity: normal
>
> This is an update of the openssl package to the 1.1.1v version, a patch release
> (bug and security fixes). This has been long overdue and was delayed on
> my side mostly due to bad timing.
> This update contains fixes for the following CVEs:
>
> - CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
> - CVE-2023-3817 (Excessive time spent checking DH q parameter value).
>
> The NEWS/ CHANGES file lists more CVEs but those have been already
> fixed via d-security. These two have been rated as minor and are part of
> this pu.
>
> Besides security fixes, this update contains non-CVE/security related
> fixes.
> I deployed this release on a handful of buster/bullseye servers of mine
> with no known problems. Also I've seen no "regression" fixes on top in
> upstream's 1.1.1 branch. I am not (knowingly) able to run debci tests to
> comment on this. That said, I am not aware of a regression but willing
> to look into it should something pop up.
>
> [ Checklist ]
> [x] *all* changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in (old)stable
> [x] the issue is verified as fixed in unstable
Just a friendly note that this has been filed but did not make it to
the list.
Sebastian