Hi Sebastian,
On Sat, 17 Aug 2024 23:25:28 +0200 Sebastian Andrzej Siewior
<sebastian@breakpoint.cc> wrote:
> This is a stable release update of openssl provided upstream. Besides
> regular fixes it addresses three CVEs which are clasified as minor and
> therefore not yet fixed.
> After this update one CVE remains open which has been clasified as low
> by upstream and requires more than one patch address it and I decided to
> delayed it until 3.0.15 is released.
>
> I am not aware of any fallout at this point.
Some flaky autopkgtests are failing [1], but nodejs regresses on all
architectures. It *seems* to me that's acceptable, one failure mode is
changed for another, but hopefully you or nodejs maintainers can
confirm, the regression is harmless (doesn't indicate a real issue with
the update).
Indeed, it is harmless.
Upstream nodejs has fixed this in the 20.x branch by allowing both error codes in the failing test.
Jérémy