GNU bug report logs - #64982
[PATCH v1 0/1] Fix LibreSSL CVE-2023-35784 (Score: 9.8 critical)

Previous Next

Package: guix-patches;

Reported by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>

Date: Mon, 31 Jul 2023 23:34:02 UTC

Severity: normal

Tags: patch

Done: Andreas Enge <andreas <at> enge.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
To: 64982 <at> debbugs.gnu.org
Cc: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
Subject: [bug#64982] [PATCH v1 0/1] Fix LibreSSL CVE-2023-35784 (Score: 9.8 critical)
Date: Tue,  1 Aug 2023 01:33:17 +0200

Hi,

The patch that will follow updates LibreSSL to the last version to fix the
CVE-2023-35784[1]. That CVE consist of a double free and a use after free and
is considered critical according to the NIST.

[1]https://nvd.nist.gov/vuln/detail/CVE-2023-35784

While LibreSSL builds fine and that all its test pass on x86_64, it also has a
significant number of reverse dependencies (a bit more than 30) that need to
be rebuilt, so I would need help with testing:
* axel
* catgirl
* ceph
* clamav
* epic5
* gmid
* httrack
* litterbox
* openboard
* openntpd
* openscad
* opensmtpd-extras
* opensmtpd-filter-rspamd
* pam-u2f
* pounce
* python-astroalign
* python-duckdb
* python-feather-format
* python-ikarus
* python-jwst
* python-modin
* python-poliastro
* python-regions
* python-sunpy
* python-tslearn
* python-vaex-core
* r-chromunity
* r-cistopic
* r-cistopic-next
* seek
* telescope
* xarcan
* zbackup

Denis.

Denis 'GNUtoo' Carikli (1):
  gnu: libressl: Update to 3.8.0 [fixes CVE-2023-35784].

 gnu/packages/tls.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
-- 
2.41.0
This bug report was last modified 1 year and 254 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.