[Bug 1991771] Re: [FFe] Update to 3.0.6
Steve Langasek
1991771 at bugs.launchpad.net
Fri Oct 7 22:37:54 UTC 2022
Given the late glibc change now in flight, I do not think we have the
capacity to take an openssl change this late in the release cycle
without significantly taxing the team to make the release happen.
Especially since the security fixes are low impact and the upstream
release is not security-fix-only, I definitely do not think we can grant
a freeze exception at this point, and think the chances of granting one
on Tuesday when the upstream release has happened are low. I would
advise that you work with the Security Team to work out what a zero-day
security update of this package should look like.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1991771
Title:
[FFe] Update to 3.0.6
Status in openssl package in Ubuntu:
New
Bug description:
There's an upcoming security release for OpenSSL according to
https://mta.openssl.org/pipermail/openssl-
users/2022-October/015477.html
The timing is somewhat unfortunate given our own release schedule.
The current version of openssl in kinetic, 3.0.5-2ubuntu1, is actually
a snapshot of the 3.0 branch ahead of 3.0.5 (inherited from Debian
during the last merge).
Sadly, they don't have a proper changelog (even partial) for the
upcoming release yet, but I'll attach the diff and shortlog between
our current version and the current state of the branch to get an idea
of what's to come. As usual for their 3.0 point releases, it's not
just security fixes but general bugfixes as well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1991771/+subscriptions
More information about the foundations-bugs
mailing list