Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: open...@packages.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal

This is an update to the current stable OpenSSL release in the 3.0.x series. It addresses the following CVE reports which were postponed due to low severity:

- CVE-2023-5678 (Fix excessive time spent in DH check / generation with large Q parameter value)
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on PowerPC)
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
- CVE-2024-0727 (PKCS12 Decoding crashes)

I'm not aware of any problems/regressions at this point. During the upload of the 3.1.x release to unstable at the time, m2crypto and nodejs failed to build. I verified that m2crypto in stable and nodejs in stable-security build against this version of openssl.

Sebastian