[bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 86

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 86

From:	Denis 'GNUtoo' Carikli
Subject:	[bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages)
Date:	Tue, 1 Aug 2023 17:36:22 +0200

The patch that will follow updates OpenSSL 3.0 to the last version to fix the
following CVEs:
* CVE-2023-0464 [1]
* CVE-2023-0465 [2]
* CVE-2023-0466 [3]
* CVE-2023-1255 [4]
* CVE-2023-2650 [5]
* CVE-2023-2975 [6]

[1]https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[2]https://nvd.nist.gov/vuln/detail/CVE-2023-0465
[3]https://nvd.nist.gov/vuln/detail/CVE-2023-0466
[4]https://nvd.nist.gov/vuln/detail/CVE-2023-1255
[5]https://nvd.nist.gov/vuln/detail/CVE-2023-2650
[6]https://nvd.nist.gov/vuln/detail/CVE-2023-2975

While OpenSSL builds fine and that all its test pass on x86_64, it also has a
significant number of reverse dependencies (about 8680, so more than 300) that
need to be rebuilt.

Denis 'GNUtoo' Carikli (1):
  gnu: openssl: Update to 3.0.10 [security fixes].

 gnu/packages/tls.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
-- 
2.41.0

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages), Denis 'GNUtoo' Carikli <=
- [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes]., Denis 'GNUtoo' Carikli, 2023/08/01

Prev by Date: [bug#64994] [PATCH] gnu: john-the-ripper-jumbo: Fix compilation with GCC 11+.
Next by Date: [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes].
Previous by thread: [bug#64994] [PATCH] gnu: john-the-ripper-jumbo: Fix compilation with GCC 11+.
Next by thread: [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes].
Index(es):
- Date
- Thread