Bug 8452 - [UPDATE REQUEST 2014.1] openssl 1.0.2m
: [UPDATE REQUEST 2014.1] openssl 1.0.2m
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-03 01:12 MSK by Алзим
Modified: 2017-11-13 19:39 MSK (History)
2 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrey.bondrov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алзим 2017-11-03 01:12:48 MSK
Доступны корректирующие выпуски криптографической библиотеки OpenSSL 1.0.2m и 1.1.0g , в которых устранены две уязвимости, из которых одна отмечена как неопасная (CVE-2017-3735), а вторая (CVE-2017-3736) отнесена к категории проблем среднего уровня опасности.
Comment 1 Алзим 2017-11-03 01:18:57 MSK
Updated to 1.0.2m 
https://abf.io/build_lists/2907786
https://abf.io/build_lists/2907787
Comment 2 Vladimir Potapov 2017-11-08 19:52:43 MSK
The update is sent to expanded testing
*****************************************
Comment 3 Andrey Bondrov 2017-11-09 11:15:49 MSK
Advisory: "Update OpenSSL to new version 1.0.2m. Build additional libcrypto.so.10 and libssl.so.10 library packages for compatibility with RHEL/Fedora (needed for some non-free software)"

https://abf.rosalinux.ru/build_lists/2909200
https://abf.rosalinux.ru/build_lists/2909201
Comment 4 Vladimir Potapov 2017-11-09 15:39:50 MSK
The update is sent to expanded testing
************************************
Comment 5 Vladimir Potapov 2017-11-13 18:12:53 MSK
openssl-1.0.2m-2
https://abf.rosalinux.ru/build_lists/2909200
https://abf.rosalinux.ru/build_lists/2909201
*************************** Advisory ******************************
Fix (CVE-2017-3735) and  (CVE-2017-3736). Update OpenSSL to new version 1.0.2m. Build additional libcrypto.so.10 and libssl.so.10 library packages for compatibility with RHEL/Fedora (needed for some non-free software)
********************************************************************
QA Verified