* [bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages)
@ 2023-08-01 15:36 Denis 'GNUtoo' Carikli
2023-08-01 16:36 ` [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes] Denis 'GNUtoo' Carikli
0 siblings, 1 reply; 2+ messages in thread
From: Denis 'GNUtoo' Carikli @ 2023-08-01 15:36 UTC (permalink / raw)
To: 64997; +Cc: Denis 'GNUtoo' Carikli
The patch that will follow updates OpenSSL 3.0 to the last version to fix the
following CVEs:
* CVE-2023-0464 [1]
* CVE-2023-0465 [2]
* CVE-2023-0466 [3]
* CVE-2023-1255 [4]
* CVE-2023-2650 [5]
* CVE-2023-2975 [6]
[1]https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[2]https://nvd.nist.gov/vuln/detail/CVE-2023-0465
[3]https://nvd.nist.gov/vuln/detail/CVE-2023-0466
[4]https://nvd.nist.gov/vuln/detail/CVE-2023-1255
[5]https://nvd.nist.gov/vuln/detail/CVE-2023-2650
[6]https://nvd.nist.gov/vuln/detail/CVE-2023-2975
While OpenSSL builds fine and that all its test pass on x86_64, it also has a
significant number of reverse dependencies (about 8680, so more than 300) that
need to be rebuilt.
Denis 'GNUtoo' Carikli (1):
gnu: openssl: Update to 3.0.10 [security fixes].
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
base-commit: 39fbc041f92489ec30075a85937c8a38723752dc
--
2.41.0
^ permalink raw reply [flat|nested] 2+ messages in thread
* [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes].
2023-08-01 15:36 [bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages) Denis 'GNUtoo' Carikli
@ 2023-08-01 16:36 ` Denis 'GNUtoo' Carikli
0 siblings, 0 replies; 2+ messages in thread
From: Denis 'GNUtoo' Carikli @ 2023-08-01 16:36 UTC (permalink / raw)
To: 64997; +Cc: Denis 'GNUtoo' Carikli
Includes fixes for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255,
CVE-2023-2650, CVE-2023-2975.
* gnu/packages/tls.scm (openssl): Update to 3.0.10.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
---
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f51c47db04..62d9ce75ac 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -570,7 +570,7 @@ (define openssl/fixed
(define-public openssl-3.0
(package
(inherit openssl-1.1)
- (version "3.0.8")
+ (version "3.0.10")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -583,7 +583,7 @@ (define-public openssl-3.0
(patches (search-patches "openssl-3.0-c-rehash-in.patch"))
(sha256
(base32
- "0gjb7qjl2jnzs1liz3rrccrddxbk6q3lg8z27jn1xwzx72zx44vc"))))
+ "08rkx3f2qg8rsxhzwshg6z4ys37bgzhvim7knswjh41sn7sx8q8p"))))
(arguments
(substitute-keyword-arguments (package-arguments openssl-1.1)
((#:phases phases '%standard-phases)
--
2.41.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-08-01 16:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-01 15:36 [bug#64997] [PATCH 0/1] OpenSSL 3.0: Fix 6 CVEs (max score: 7.5 high, 8680 dependent packages) Denis 'GNUtoo' Carikli
2023-08-01 16:36 ` [bug#64997] [PATCH 1/1] gnu: openssl: Update to 3.0.10 [security fixes] Denis 'GNUtoo' Carikli
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).