
Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1



Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: openssl@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebastian@breakpoint.cc
Severity: normal

This is an update to the current stable OpenSSL release in the 3.0.x
series. It addresses the following CVE reports which were postponed due
to low severity:

- CVE-2023-5678 (Fix excessive time spent in DH check / generation with
  large Q parameter value)
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
  PowerPC)
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
- CVE-2024-0727 (PKCS12 Decoding crashes)

I'm not aware of any problems/regressions at this point. During the upload
of the 3.1.x release to unstable at the time, m2crypto and nodejs failed to
build. I verified that m2crypto in stable and nodejs in stable-security
build against this version of openssl.

Sebastian

