On 2024-09-03 10:54:40 [+0100], Sean Whitton wrote: > Hello openssl maintainers, Hi,
> I'm updating openssl in bullseye as part of the LTS effort. > > Is there anyone working on uploading a fix for CVE-2024-5535 to sid? > Could I be of help? No, thank you. That CVE is of minor severity, requires a ton of patches (incl. follow-up) and I didn't want to bother and fix it for stable and mess something up by accident or not cover it properly. It did not look worth it. And since I didn't do that I didn't have a reason to touch Sid. Today, there will be a new OpenSSL release including the fix for it. So this is what I intend to upload to Sid later today and approx a week later (depending on time & testing) open a pu for Bookworm. > Thanks. Sebastian
