Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: openssl@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebastian@breakpoint.cc
Severity: normal
This is an update to the current stable OpenSSL release in the 3.0.x
series. It addresses the following CVE reports which were postponed due
to low severity:
- CVE-2023-5678 (Fix excessive time spent in DH check / generation with
  large Q parameter value)
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
  PowerPC)
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
- CVE-2024-0727 (PKCS12 Decoding crashes)
I'm not aware of any problems/regressions at this point. During the upload
of the 3.1.x release to unstable at the time, m2crypto and nodejs failed to
build. I verified that m2crypto in stable and nodejs in stable-security
build against this version of openssl.
Sebastian