On 2023-08-26 14:50:09 [+0200], To sub...@bugs.debian.org wrote: > This is an update of the openssl package to the 1.1.1v version, a patch > release
Upstream announced to release 1.1.1w on 11th September. They said it is a "security-fix" with the highest severity defined as "low". This is also the case for the current two CVEs. Therefore I assume that they don't have to be fixed asap (i.e. via -security). Also it will be the last 1.1.1 release since it will reach EOL on the 11th. I will prepare an update… The upstream announcement: https://mta.openssl.org/pipermail/openssl-announce/2023-September/000271.html: Sebastian