Bug 1049231
Summary: | openssl-1.0.1k is available | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Upstream Release Monitoring <upstream-release-monitoring> |
Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | awilliam, bugzilla-redhat, david, h.reindl, mattdm, roger.k.wells, tmraz |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-01-13 16:30:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Upstream Release Monitoring
2014-01-07 09:14:52 UTC
*** Bug 1074163 has been marked as a duplicate of this bug. *** Upstream is now 1.0.1g to fix CVE-2014-0160 Bumping to urgent given the nature of the vulnerability: http://heartbleed.com/ Back to medium, the CVE-2014-0160 was fixed by backporting the patch from upstream. I'm getting a lot of feedback from people who have seen the vulnerability in the news and are worried that the version numbers don't line up. I've been explaining how to actually check, but having an update (at least in rawhide, and then maybe backported to f20) seems like it would make people feel more reassured. not that sure because: http://www.mail-archive.com/postfix-users@postfix.org/msg57455.html Thanks Harald -- that's useful to know. (The tl;dr summary: there are some interoperability isses reported with 1.0.1g, so it's probably better to hold off on updating F20 at least. Latest upstream release: 1.0.1i Current version/release in Fedora Rawhide: 1.0.1h-6.fc22 URL: http://www.openssl.org/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Latest upstream release: 1.0.1k Current version/release in Fedora Rawhide: 1.0.1j-3.fc22 URL: http://www.openssl.org/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service will be implemented by a new system: https://release-monitoring.org/ It will require to manage monitored projects via a new web interface. Please make yourself familiar with the new system to ease the transition. Rawhide has 1.0.1k. |