GNU bug report logs - #64991
[PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages)

Previous Next

Package: guix-patches;

Reported by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>

Date: Tue, 1 Aug 2023 13:47:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 64991-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>,
 Simon Tournier <zimon.toutoune <at> gmail.com>, paren <at> disroot.org,
 Christopher Baines <mail <at> cbaines.net>, Ricardo Wurmus <rekado <at> elephly.net>,
 Raghav Gururajan <rg <at> raghavgururajan.name>, jgart <jgart <at> dismail.de>,
 Mathieu Othacehe <othacehe <at> gnu.org>, 64991-done <at> debbugs.gnu.org
Subject: Re: bug#64991: [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5
 high, 6850 dependent packages)
Date: Thu, 28 Sep 2023 12:08:23 +0200

Hi,

Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org> skribis:

> Includes fixes for CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
> CVE-2023-0466, CVE-2023-2650, CVE-2022-4304, CVE-2022-4450.
>
> * gnu/packages/tls.scm (openssl-1.1): Update to 1.1.1u.

[...]

>  (define-public openssl-1.1
>    (package
>      (name "openssl")
> -    (version "1.1.1q")
> +    (version "1.1.1u")

Finally applied but as a graft, in commit
51e1df07b1d21840551eb8dc15b4bfe5612e1bf9.

Thanks,
Ludo’.

This bug report was last modified 1 year and 235 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #64991 [PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages)

GNU bug report logs - #64991
[PATCH 0/1] OpenSSL 1.1: Fix 8 CVEs (max score: 7.5 high, 6850 dependent packages)