Re: Bug#959469: buster-pu: package openssl/1.1.1g-1
On Sun, 2020-11-15 at 11:29 +0100, Sebastian Andrzej Siewior wrote:
> control: retitle -1 buster-pu: package openssl/1.1.1h-1
>
> On 2020-05-02 22:34:40 [+0100], Adam D. Barratt wrote:
> > > > Do we have any feeling for how widespread such certificates
> > > > might be?
> > > > The fact that there have been two different upstream reports
> > > > isn't particularly comforting.
> > >
> > > This is correct. I don't know if there is tooling that is
> > > generating broken certificates or just some individuals. I
> > > updated my two OpenVPN instances and I saw clients connecting
> > > again.
> >
> > Thanks for the information.
>
> look at that. I deployed it locally and forgot all about it. Now I
> was going to open a pu for 1.1.1h and noticed that I didn't finish
> this one.
>
> I hereby propose an update to 1.1.1h.
Predictably we're again quite close to a point release. :-( (One week
from freeze, specifically.)
Looking at the upstream issues regarding certificate validation changes
between 1.1.1e and f/g, #11456 appears to have been addressed already,
but #11625 is still open and looks stalled. Have you seen any more
reports of that issue?
Regards,
Adam
Reply to: