Debian Bug report logs -
#1023424
openssl: CVE-2022-2097
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>:
Bug#1023424; Package openssl.
(Thu, 03 Nov 2022 20:39:04 GMT) (full text, mbox, link).
Acknowledgement sent
to "nospam099-github@yahoo.com" <nospam099-github@yahoo.com>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>.
(Thu, 03 Nov 2022 20:39:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: OpenSSL
Version: 1.1.1n-0+deb11u3
Severity: critical
Tags: bullseye security fixed-upstream
Description:
The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities:
* (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] (critical)
* (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] (critical)
* (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] (medium)
Fix:
Updating the package to version (OpenSSL1.1.1s)[https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1s] would resolve them.
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>:
Bug#1023424; Package openssl.
(Thu, 03 Nov 2022 20:54:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>.
(Thu, 03 Nov 2022 20:54:02 GMT) (full text, mbox, link).
Message #10 received at 1023424@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/html, inline)]
[favicon.ico (image/vnd.microsoft.icon, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>:
Bug#1023424; Package openssl.
(Thu, 03 Nov 2022 21:09:07 GMT) (full text, mbox, link).
Acknowledgement sent
to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>.
(Thu, 03 Nov 2022 21:09:07 GMT) (full text, mbox, link).
Message #15 received at 1023424@bugs.debian.org (full text, mbox, reply):
Control: severity -1 important
Control: tags -1 - bullseye
On Thu, 2022-11-03 at 20:35 +0000, nospam099-github@yahoo.com wrote:
> The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities:
> * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292]
> (critical)
> * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068]
> (critical)
No. Both of the above are already resolved in 1.1.1n-0+deb11u3, as
indicated by https://security-tracker.debian.org/tracker/CVE-2022-1292
and https://security-tracker.debian.org/tracker/CVE-2022-2068 (indeed,
the former was fixed in 1.1.1n-0+deb11u2).
> * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097]
> (medium)
>
and https://security-tracker.debian.org/tracker/CVE-2022-2097 has this
tagged as waiting for additional updates to fix it alongside.
Regards,
Adam
Severity set to 'important' from 'critical'
Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk>
to 1023424-submit@bugs.debian.org.
(Thu, 03 Nov 2022 21:09:07 GMT) (full text, mbox, link).
Removed tag(s) bullseye.
Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk>
to 1023424-submit@bugs.debian.org.
(Thu, 03 Nov 2022 21:09:08 GMT) (full text, mbox, link).
Changed Bug title to 'openssl: CVE-2022-2097' from 'Vulnerabilities CVE-2022-1292, CVE-2022-2068, CVE-2022-2097'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 03 Nov 2022 21:51:14 GMT) (full text, mbox, link).
Marked as fixed in versions openssl/3.0.5-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 03 Nov 2022 22:03:05 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 03 Nov 2022 22:03:05 GMT) (full text, mbox, link).
Notification sent
to "nospam099-github@yahoo.com" <nospam099-github@yahoo.com>:
Bug acknowledged by developer.
(Thu, 03 Nov 2022 22:03:06 GMT) (full text, mbox, link).
Message sent on
to "nospam099-github@yahoo.com" <nospam099-github@yahoo.com>:
Bug#1023424.
(Thu, 03 Nov 2022 22:03:08 GMT) (full text, mbox, link).
Message #30 received at 1023424-submitter@bugs.debian.org (full text, mbox, reply):
close 1023424 3.0.5-1
thanks
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Nov 4 13:24:38 2022;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon