Fine for me -- I'm working around this (not using Ubuntu for CI any more and/or using/building less buggy OpenSSL releases for CI).
> if it's time to re-visit that practice of not updating through minor openssl versions; it's risky to try. What risks do you see? I find it much more risky _not_ to do it: You'll retain buggy versions that are possibly also security risks: I'm counting 24 CVEs that Ubuntu with this policy willingly does not fix -- as an Ubuntu user I wouldn't be happy.... (see https://www.openssl.org/news/vulnerabilities-3.0.html) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2019970 Title: OpenSSL 3.0.2 crash in Ubuntu 22.04.2 LTS Status in openssl package in Ubuntu: Incomplete Bug description: Full bug report at https://github.com/openssl/openssl/issues/20981 No upstream impact: OpenSSL 3.0.9-dev does not contain the problem any more. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2019970/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
