OEM Priority Project

  1. Bug #2067672
  2. Comment #10

Comment 10 for bug 2067672

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 3.2.2-1ubuntu1

---------------
openssl (3.2.2-1ubuntu1) oracular; urgency=medium

  * Merge 3.2.2-1 from Debian unstable
    - Remaining changes:
      + Symlink changelog.Debian.gz and copyright.gz from libssl-dev and
        openssl to the ones in libssl3t64
      + Use perl:native in the autopkgtest for installability on i386.
      + Disable LTO with which the codebase is generally incompatible
        (LP: #2058017)
      + Add fips-mode detection and adjust defaults when running in fips mode
  * The changelog.gz symlink was broken (LP: #1297025)
  * The copyright symlink was broken (LP: #2067672)
  * Default configuration includes two paths:
    - /var/lib/crypto-config/profiles/current/openssl.conf.d
    - /etc/ssl/openssl.conf.d
    First one is to read configuration through the crypto-config framework.
    Second one is for customization by sysadmin.

openssl (3.2.2-1) unstable; urgency=medium

  * Import 3.2.2
    - CVE-2024-2511 (Unbounded memory growth with session handling in
      TLSv1.3). (Closes: #1068658).
    - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
      (Closes: #1071972).
    - CVE-2024-4741 (Use After Free with SSL_free_buffers)
      (Closes: #1072113).

 -- Adrien Nader <email address hidden> Mon, 01 Jul 2024 17:04:32 +0200