This bug was fixed in the package openssl - 3.2.2-1ubuntu1
---------------
openssl (3.2.2-1ubuntu1) oracular; urgency=medium
* Merge 3.2.2-1 from Debian unstable
- Remaining changes:
+ Symlink changelog.Debian.gz and copyright.gz from libssl-dev and
openssl to the ones in libssl3t64
+ Use perl:native in the autopkgtest for installability on i386.
+ Disable LTO with which the codebase is generally incompatible
(LP: #2058017)
+ Add fips-mode detection and adjust defaults when running in fips mode
* The changelog.gz symlink was broken (LP: #1297025)
* The copyright symlink was broken (LP: #2067672)
* Default configuration includes two paths:
- /var/lib/crypto-config/profiles/current/openssl.conf.d
- /etc/ssl/openssl.conf.d
First one is to read configuration through the crypto-config framework.
Second one is for customization by sysadmin.
openssl (3.2.2-1) unstable; urgency=medium
* Import 3.2.2
- CVE-2024-2511 (Unbounded memory growth with session handling in
TLSv1.3). (Closes: #1068658).
- CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
(Closes: #1071972).
- CVE-2024-4741 (Use After Free with SSL_free_buffers)
(Closes: #1072113).
-- Adrien Nader <[email protected]> Mon, 01 Jul 2024 17:04:32
+0200
** Changed in: openssl (Ubuntu Oracular)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2511
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-4603
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-4741
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067672
Title:
[SRU] Openssl copyright/changelog.Debian.gz file points at non-
existent location
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/2067672/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
