  * Merge 3.2.2-1 from Debian unstable
    - Remaining changes:
      + Symlink changelog.Debian.gz and copyright.gz from libssl-dev and
        openssl to the ones in libssl3t64
      + Use perl:native in the autopkgtest for installability on i386.
      + Disable LTO with which the codebase is generally incompatible
        (LP: #2058017)
      + Add fips-mode detection and adjust defaults when running in fips mode
  * The changelog.gz symlink was broken (LP: #1297025)
  * The copyright symlink was broken (LP: #2067672)
  * Default configuration includes two paths:
    - /var/lib/crypto-config/profiles/current/openssl.conf.d
    - /etc/ssl/openssl.conf.d
    First one is to read configuration through the crypto-config framework.
    Second one is for customization by sysadmin.

openssl (3.2.2-1) unstable; urgency=medium

  * Import 3.2.2
    - CVE-2024-2511 (Unbounded memory growth with session handling in
      TLSv1.3). (Closes: #1068658).
    - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
      (Closes: #1071972).
    - CVE-2024-4741 (Use After Free with SSL_free_buffers)
      (Closes: #1072113).

This bug was fixed in the package openssl - 3.2.2-1ubuntu1
---------------
openssl (3.2.2-1ubuntu1) oracular; urgency=medium

  * Merge 3.2.2-1 from Debian unstable
    - Remaining changes:
      + Symlink changelog.Debian.gz and copyright.gz from libssl-dev and
        openssl to the ones in libssl3t64
      + Use perl:native in the autopkgtest for installability on i386.
      + Disable LTO with which the codebase is generally incompatible
        (LP: #2058017)
      + Add fips-mode detection and adjust defaults when running in fips mode
  * The changelog.gz symlink was broken (LP: #1297025)
  * The copyright symlink was broken (LP: #2067672)
  * Default configuration includes two paths:
    - /var/lib/crypto-config/profiles/current/openssl.conf.d
    - /etc/ssl/openssl.conf.d
    First one is to read configuration through the crypto-config framework.
    Second one is for customization by sysadmin.

openssl (3.2.2-1) unstable; urgency=medium

  * Import 3.2.2
    - CVE-2024-2511 (Unbounded memory growth with session handling in
      TLSv1.3). (Closes: #1068658).
    - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
      (Closes: #1071972).
    - CVE-2024-4741 (Use After Free with SSL_free_buffers)
      (Closes: #1072113).

-- Adrien Nader <email address hidden> Mon, 01 Jul 2024 17:04:32 +0200