This bug was fixed in the package openssl - 3.3.1-2ubuntu1
---------------
openssl (3.3.1-2ubuntu1) oracular; urgency=medium
* Merge with Debian unstable (LP: #2044795). Remaining changes:
- Use perl:native in the autopkgtest for installability on i386.
- Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
- Disable LTO with which the codebase is generally incompatible (LP #2058017)
- Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
- patch: crypto: Add kernel FIPS mode detection
- patch: crypto: Automatically use the FIPS provider...
- patch: apps/speed: Omit unavailable algorithms in FIPS mode
- patch: apps: pass -propquery arg to the libctx DRBG fetches
- patch: test: Ensure encoding runs with the correct context...
- SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535*.patch: validate provided client list in ssl/ssl_lib.c.
- CVE-2024-5535
openssl (3.3.1-2) unstable; urgency=medium
* Upload to unstable.
* Add support for hurd-amd64, patch by Samuel Thibault (Closes: #1076324).
* Use the static archive from the shared build.
openssl (3.3.1-1) experimental; urgency=medium
* Import 3.3.1.
- CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
(Closes: #1071972).
- CVE-2024-4741 (Use After Free with SSL_free_buffers)
(Closes: #1072113).
openssl (3.3.0-1) experimental; urgency=medium
* Import 3.3.0.
- CVE-2024-2511 (Unbounded memory growth with session handling in TLSv1.3)
(Closes: #1068658).
openssl (3.3.0~beta1-1) experimental; urgency=medium
* Import 3.3.0-beta1.
-- Simon Chopin <email address hidden> Mon, 12 Aug 2024 13:49:56 +0200