We'd need more details about the issue and its actual impact for you
since upstream doesn't consider this a security issue since it only
happens when signing, not when checking signatures (which makes sense).
Without this there is no process for pushing an update to a released
version.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1994165

Title:
  CMS_final: do not ignore CMS_dataFinal result

Status in openssl package in Ubuntu:
  Triaged
Status in openssl source package in Jammy:
  Triaged
Status in openssl source package in Kinetic:
  Triaged

Bug description:
  https://github.com/openssl/openssl/pull/18876

  The CMS_dataFinal result is important as signature may fail, however, it
  is ignored while returning success from CMS_final.

  Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)"

  Thanks

  Upstream commit:

  ```
  commit 67c0460b89cc1b0644a1a59af78284dfd8d720af
  Author: Alon Bar-Lev <alon.bar...@gmail.com>
  Date:   Tue Jul 26 15:17:06 2022 +0300

      Handle SMIME_crlf_copy return code
      
      Currently the SMIME_crlf_copy result is ignored in all usages. It does
      return failure when memory allocation fails.
      
      This patch handles the SMIME_crlf_copy return code in all occurrences.
      
      Signed-off-by: Alon Bar-Lev <alon.bar...@gmail.com>
      
      Reviewed-by: Tomas Mraz <to...@openssl.org>
      Reviewed-by: Paul Dale <pa...@openssl.org>
      Reviewed-by: Hugo Landau <hlan...@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/18876)
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1994165/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to