Bug 8451 - [UPDATE REQUEST 2016.1] openssl 1.0.2m
: [UPDATE REQUEST 2016.1] openssl 1.0.2m
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-03 01:07 MSK by Алзим
Modified: 2017-11-13 19:34 MSK (History)
2 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrey.bondrov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алзим 2017-11-03 01:07:36 MSK
Доступны корректирующие выпуски криптографической библиотеки OpenSSL 1.0.2m и 1.1.0g , в которых устранены две уязвимости, из которых одна отмечена как неопасная (CVE-2017-3735), а вторая (CVE-2017-3736) отнесена к категории проблем среднего уровня опасности.
Comment 1 Алзим 2017-11-03 01:24:40 MSK
Updated to 1.0.2m 
https://abf.io/build_lists/2907784
https://abf.io/build_lists/2907785
Comment 2 Vladimir Potapov 2017-11-07 19:59:29 MSK
The update is sent to expanded testing
**************************************
Comment 3 Andrey Bondrov 2017-11-09 09:10:12 MSK
Advisory: "Update OpenSSL to new version 1.0.2m. Build additional libcrypto.so.10 and libssl.so.10 library packages for compatibility with RHEL/Fedora (needed for some non-free software)"

https://abf.rosalinux.ru/build_lists/2909182
https://abf.rosalinux.ru/build_lists/2909183
Comment 4 Vladimir Potapov 2017-11-09 14:06:16 MSK
The update is sent to expanded testing
****************************************
Comment 5 Vladimir Potapov 2017-11-13 18:14:41 MSK
openssl-1.0.2m-2
https://abf.rosalinux.ru/build_lists/2909182
https://abf.rosalinux.ru/build_lists/2909183
******************************** Advisory *********************************
Fix CVE-2017-3735 and CVE-2017-3736. Update OpenSSL to new version 1.0.2m. Build additional libcrypto.so.10 and libssl.so.10 library packages for compatibility with RHEL/Fedora (needed for some non-free software)
****************************************************************************
QA Verified