[Bug 2044795] Re: Please merge openssl from debian unstable

Launchpad Bug Tracker 2044795 at bugs.launchpad.net
Sat Aug 24 12:13:49 UTC 2024 

This bug was fixed in the package openssl - 3.3.1-2ubuntu1

---------------
openssl (3.3.1-2ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2044795). Remaining changes:
    - Use perl:native in the autopkgtest for installability on i386.
    - Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
    - Disable LTO with which the codebase is generally incompatible (LP #2058017)
    - Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
    - patch: crypto: Add kernel FIPS mode detection
    - patch: crypto: Automatically use the FIPS provider...
    - patch: apps/speed: Omit unavailable algorithms in FIPS mode
    - patch: apps: pass -propquery arg to the libctx DRBG fetches
    - patch: test: Ensure encoding runs with the correct context...
    - SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
      - debian/patches/CVE-2024-5535*.patch: validate provided client list in
        ssl/ssl_lib.c.
      - CVE-2024-5535

openssl (3.3.1-2) unstable; urgency=medium

  * Upload to unstable.
  * Add support for hurd-amd64, patch by Samuel Thibault (Closes: #1076324).
  * Use the static archive from the shared build.

openssl (3.3.1-1) experimental; urgency=medium

  * Import 3.3.1.
    - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
      (Closes: #1071972).
    - CVE-2024-4741 (Use After Free with SSL_free_buffers)
      (Closes: #1072113).

openssl (3.3.0-1) experimental; urgency=medium

  * Import 3.3.0.
    - CVE-2024-2511 (Unbounded memory growth with session handling in TLSv1.3)
      (Closes: #1068658).

openssl (3.3.0~beta1-1) experimental; urgency=medium

  * Import 3.3.0-beta1.

 -- Simon Chopin <schopin at ubuntu.com>  Mon, 12 Aug 2024 13:49:56 +0200

** Changed in: openssl (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2511

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-4603

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-4741

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-5535

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2044795

Title:
  Please merge openssl from debian unstable

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  tracking bug

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2044795/+subscriptions

More information about the foundations-bugs mailing list