OpenSSL 1.1.0c was released today. It fixes CVE-2016-{7053,7054,7055}:
https://www.openssl.org/news/secadv/20161110.txtThis version of OpenSSL is *not* currently used by any packages, so it's not a critical "drop everything and get to work" update, in my opinion. They changed how library runpaths are recorded at build time, and so our packaging no longer works: https://github.com/openssl/openssl/pull/1699 I can tackle it in the next few days if nobody else gets to it first.
signature.asc
Description: PGP signature
