Re: Karma for OpenSSL needed
Dear Peter,
On Tue, Nov 1, 2022 at 6:44 PM Peter Robinson <pbrobinson(a)gmail.com> wrote:
Hi Dmitry,
> I've just pushed the updates for OpenSSL fixing 2 CVEs evaluated as
HIGH. Could you please check the freshly pushed builds to get necessary
karma ASAP?
Is there a reason we're note rebasing to 3.0.7 or generally updating
in Fedora with 3.x? It looks like 3.0.6 had CVE-2022-3358 which hasn't
been addressed because we're still on .5
Applying a separate patch takes several minutes, and rebasing is some
process, usually much longer.
The rebase is going to happen as time permits.
--
Dmitry Belyavskiy
Attachments:
- attachment.html (text/html — 1.1 KB)