Bug 1049231

Summary:	openssl-1.0.1k is available
Product:	[Fedora] Fedora	Reporter:	Upstream Release Monitoring <upstream-release-monitoring>
Component:	openssl	Assignee:	Tomas Mraz <tmraz>
Status:	CLOSED RAWHIDE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	rawhide	CC:	awilliam, bugzilla-redhat, david, h.reindl, mattdm, roger.k.wells, tmraz
Target Milestone:	---	Keywords:	FutureFeature, Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Enhancement
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2015-01-13 16:30:25 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Upstream Release Monitoring 2014-01-07 09:14:52 UTC

Latest upstream release: 1.0.1f
Current version/release in Fedora Rawhide: 1.0.1e-36.fc21
URL: http://www.openssl.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring

Comment 1 Tomas Mraz 2014-03-10 10:46:17 UTC

*** Bug 1074163 has been marked as a duplicate of this bug. ***

Comment 2 David Strauss 2014-04-07 22:44:26 UTC

Upstream is now 1.0.1g to fix CVE-2014-0160

Comment 3 David Strauss 2014-04-07 22:45:03 UTC

Bumping to urgent given the nature of the vulnerability:
http://heartbleed.com/

Comment 4 Tomas Mraz 2014-04-08 09:10:45 UTC

Back to medium, the CVE-2014-0160 was fixed by backporting the patch from upstream.

Comment 5 Matthew Miller 2014-04-14 13:16:37 UTC

I'm getting a lot of feedback from people who have seen the vulnerability in the news and are worried that the version numbers don't line up. I've been explaining how to actually check, but having an update (at least in rawhide, and then maybe backported to f20) seems like it would make people feel more reassured.

Comment 6 Harald Reindl 2014-04-14 13:27:47 UTC

not that sure because: http://www.mail-archive.com/postfix-users@postfix.org/msg57455.html

Comment 7 Matthew Miller 2014-04-14 14:14:51 UTC

Thanks Harald -- that's useful to know. (The tl;dr summary: there are some interoperability isses reported with 1.0.1g, so it's probably better to hold off on updating F20 at least.

Comment 8 Upstream Release Monitoring 2014-08-07 09:37:54 UTC

Latest upstream release: 1.0.1i
Current version/release in Fedora Rawhide: 1.0.1h-6.fc22
URL: http://www.openssl.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring

Comment 9 Upstream Release Monitoring 2015-01-09 09:47:04 UTC

Latest upstream release: 1.0.1k
Current version/release in Fedora Rawhide: 1.0.1j-3.fc22
URL: http://www.openssl.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service will be implemented by a new system: https://release-monitoring.org/
It will require to manage monitored projects via a new web interface. Please make yourself familiar with the new system to ease the transition.

Comment 10 Adam Williamson 2015-01-13 16:30:25 UTC

Rawhide has 1.0.1k.