control: retitle -1 unblock: openssl/3.0.9-1

On 2023-05-30 22:16:53 [+0200], To sub...@bugs.debian.org wrote:
>
> Please unblock package openssl.
>
> The 3.0.9 release contains security and non-security related fixes for
> the package. There are five new CVEs in total that have been addressed.
> One with "moderate" severity. From the package's changelog:
>
> - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
>   Constraints) (Closes: #1034720).
> - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
>   silently ignored).
> - CVE-2023-0466 (Certificate policy check not enabled).
> - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
> - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
> - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64
>   bit ARM).
>
> The package built on all release architectures (it is still building on
> mipsel at the time of writing but I expect it to pass).
> The openssl testsuite ran on all architectures during the build process.
> Please find attached the debdiff vs the version in testing.
>
> unblock openssl/3.0.9-1

Sebastian