GNU bug report logs -
#64997
[PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages)
Previous Next
To reply to this bug, email your comments to 64997 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#64997
; Package
guix-patches
.
(Tue, 01 Aug 2023 16:33:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Tue, 01 Aug 2023 16:33:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
The patch that will follow updates OpenSSL 3.0 to the last version to fix the
following CVEs:
* CVE-2023-0464 [1]
* CVE-2023-0465 [2]
* CVE-2023-0466 [3]
* CVE-2023-1255 [4]
* CVE-2023-2650 [5]
* CVE-2023-2975 [6]
[1]https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[2]https://nvd.nist.gov/vuln/detail/CVE-2023-0465
[3]https://nvd.nist.gov/vuln/detail/CVE-2023-0466
[4]https://nvd.nist.gov/vuln/detail/CVE-2023-1255
[5]https://nvd.nist.gov/vuln/detail/CVE-2023-2650
[6]https://nvd.nist.gov/vuln/detail/CVE-2023-2975
While OpenSSL builds fine and that all its test pass on x86_64, it also has a
significant number of reverse dependencies (about 8680, so more than 300) that
need to be rebuilt.
Denis 'GNUtoo' Carikli (1):
gnu: openssl: Update to 3.0.10 [security fixes].
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
--
2.41.0
Information forwarded
to
, guix-patches <at> gnu.org
:
bug#64997
; Package
guix-patches
.
(Tue, 01 Aug 2023 16:37:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 64997 <at> debbugs.gnu.org (full text, mbox):
Includes fixes for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255,
CVE-2023-2650, CVE-2023-2975.
* gnu/packages/tls.scm (openssl): Update to 3.0.10.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
---
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f51c47db04..62d9ce75ac 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -570,7 +570,7 @@ (define openssl/fixed
(define-public openssl-3.0
(package
(inherit openssl-1.1)
- (version "3.0.8")
+ (version "3.0.10")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -583,7 +583,7 @@ (define-public openssl-3.0
(patches (search-patches "openssl-3.0-c-rehash-in.patch"))
(sha256
(base32
- "0gjb7qjl2jnzs1liz3rrccrddxbk6q3lg8z27jn1xwzx72zx44vc"))))
+ "08rkx3f2qg8rsxhzwshg6z4ys37bgzhvim7knswjh41sn7sx8q8p"))))
(arguments
(substitute-keyword-arguments (package-arguments openssl-1.1)
((#:phases phases '%standard-phases)
--
2.41.0
This bug report was last modified 1 year and 143 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.