We'd need more details about the issue and its actual impact for you
since upstream doesn't consider this a security issue since it only
happens when signing, not when checking signatures (which makes sense).
Without this there is no process for pushing an update to a released

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.

  CMS_final: do not ignore CMS_dataFinal result

Status in openssl package in Ubuntu:
Status in openssl source package in Jammy:
Status in openssl source package in Kinetic:

Bug description:

  The CMS_dataFinal result is important as signature may fail, however, it
  is ignored while returning success from CMS_final.

  Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)"


  Upstream commit:

  commit 67c0460b89cc1b0644a1a59af78284dfd8d720af
  Author: Alon Bar-Lev <alon.bar...@gmail.com>
  Date:   Tue Jul 26 15:17:06 2022 +0300

      Handle SMIME_crlf_copy return code
      Currently the SMIME_crlf_copy result is ignored in all usages. It does
      return failure when memory allocation fails.
      This patch handles the SMIME_crlf_copy return code in all occurrences.
      Signed-off-by: Alon Bar-Lev <alon.bar...@gmail.com>
      Reviewed-by: Tomas Mraz <to...@openssl.org>
      Reviewed-by: Paul Dale <pa...@openssl.org>
      Reviewed-by: Hugo Landau <hlan...@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/18876)

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to