Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
Hi Sebastian, On Tue, Apr 09, 2024 at 06:18:13PM +0200, Sebastian Andrzej Siewior wrote: > On 2024-04-07 23:46:28 [+0200], To Adam D. Barratt wrote: > > On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote: > > > > > > Sorry for not getting to this sooner. Is this still the case? > > > > So. This happened #1068045 (yapet broke with 1.0 format) due to the > > update. On the bright side it has been broken in unstable but unnoticed. > > Looking into it but also sleeping (but making progress). > > yapet is fixed in unstable. My understanding is that the maintainer will > take care of it. After exposure of the upload in unstable for two days, uploaded now as well to bookworm. Filled #1068836. Regards, Salvatore
Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
On 2024-04-07 23:46:28 [+0200], To Adam D. Barratt wrote: > On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote: > > > > Sorry for not getting to this sooner. Is this still the case? > > So. This happened #1068045 (yapet broke with 1.0 format) due to the > update. On the bright side it has been broken in unstable but unnoticed. > Looking into it but also sleeping (but making progress). yapet is fixed in unstable. My understanding is that the maintainer will take care of it. I've been looking at the release.d.o page and there are deb-ci failures for nodejs. Those should be gone with nodejs/18.19.0+dfsg-6~deb12u1 which is in d-security. So based on this I would say all good ;) > > Regards, > > > > Adam Sebastian
Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote: > > Sorry for not getting to this sooner. Is this still the case? So. This happened #1068045 (yapet broke with 1.0 format) due to the update. On the bright side it has been broken in unstable but unnoticed. Looking into it but also sleeping (but making progress). > Regards, > > Adam Sebastian
Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote: > On Mon, 2024-03-04 at 07:38 +0100, Sebastian Andrzej Siewior wrote: > > This is an update to the current stable OpenSSL release in the 3.0.x > > series. It addresses the following CVE reports which were postponed > > due to low severity: > [...] > > I'm not aware of a problems/ regression at this point. > > Sorry for not getting to this sooner. Is this still the case? Yes. > Regards, > > Adam Sebastian
Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
On Mon, 2024-03-04 at 07:38 +0100, Sebastian Andrzej Siewior wrote: > This is an update to the current stable OpenSSL release in the 3.0.x > series. It addresses the following CVE reports which were postponed > due to low severity: [...] > I'm not aware of a problems/ regression at this point. Sorry for not getting to this sooner. Is this still the case? Regards, Adam
Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1
Package: release.debian.org Control: affects -1 + src:openssl X-Debbugs-Cc: open...@packages.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: bookworm X-Debbugs-Cc: sebast...@breakpoint.cc Severity: normal This is an update to the current stable OpenSSL release in the 3.0.x series. It addresses the following CVE reports which were postponed due to low severity: - CVE-2023-5678 (Fix excessive time spent in DH check / generation with large Q parameter value) - CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on PowerPC) - CVE-2023-6237 (Excessive time spent checking invalid RSA public keys) - CVE-2024-0727 (PKCS12 Decoding crashes) I'm not aware of a problems/ regression at this point. During the upload of 3.1.x release to upstable at the time m2crypto and nodejs failed to build. I verified that m2crypto in stable and nodejs in stable-security build against this version of openssl. Sebastian