Your message dated Sat, 29 Jun 2024 10:46:16 +0000
with message-id <[email protected]>
and subject line Released with 12.6
has caused the Debian Bug report #1065413,
regarding bookworm-pu: package openssl/3.0.13-1~deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1065413: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: [email protected]
User: [email protected]
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: [email protected]
Severity: normal
This is an update to the current stable OpenSSL release in the 3.0.x
series. It addresses the following CVE reports which were postponed due
to low severity:
- CVE-2023-5678 (Fix excessive time spent in DH check / generation with
large Q parameter value)
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
PowerPC)
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
- CVE-2024-0727 (PKCS12 Decoding crashes)
I'm not aware of a problems/ regression at this point. During the upload
of 3.1.x release to upstable at the time m2crypto and nodejs failed to
build. I verified that m2crypto in stable and nodejs in stable-security
build against this version of openssl.
Sebastian
--- End Message ---
--- Begin Message ---
Version: 12.6
The upload requested in this bug has been released as part of 12.6.
--- End Message ---
