Bug 2227841

Summary: openssl CVE patch applied but missing from changelog
Product: Red Hat Enterprise Linux 9 Reporter: tjr22
Component: openssl Assignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: CentOS Stream CC: bstinson, cllang, jwboyer
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Last Closed: 2023-08-01 16:48:38 UTC Type: Bug

Description tjr22 2023-07-31 16:13:32 UTC
Description of problem:
The changelog does not contain the patch for CVE-2023-0464, but the spec file contains the patch (#0115 https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/openssl.spec?ref_type=heads)

Version-Release number of selected component (if applicable):
3.0.7-24

How reproducible:
Docs - 100%

Steps to Reproduce:
1. run: rpm -q --changelog openssl
2. search for 0464 or 3722 or 2181082

Actual results:

No mention of CVE or patch

Expected results:

Statement that patches have been applied fixing relevant CVE 

Additional info:

Comment 1 Dmitry Belyavskiy 2023-08-01 16:48:38 UTC
Yes, the CVE is missing from the changelog.
Sorry for the inconvenience.
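
The gap reported above can be checked mechanically by comparing the CVE ids a spec file names in its patch section with those in its `%changelog`. The script below is an added example, not part of the bug report or of the openssl packaging. It assumes CVE ids appear on `PatchN:` lines or in spec comments, and its sample spec, patch file names and `CVE-0000-0001` are constructed placeholders.

```shell
#!/bin/sh
# Added example: report CVE ids that a spec file's patch section names
# but its %changelog never mentions.

# Constructed sample spec (NOT the real openssl.spec). Patch file names and
# CVE-0000-0001 are placeholders; CVE-2023-0464 and patch 0115 are from the report.
sample_spec() {
cat <<'EOF'
Name: openssl
Version: 3.0.7
Release: 24%{?dist}
# Placeholder fix, tracked as CVE-0000-0001
Patch114: 0114-constructed-example.patch
Patch115: 0115-constructed-CVE-2023-0464.patch

%changelog
* Mon Jan 02 2023 Example Packager <packager@example.com> - 3.0.7-24
- Constructed entry
  Resolves: CVE-0000-0001
EOF
}

# CVE ids on PatchN: lines and spec comments above %changelog.
spec_patch_cves() {
    sed '/^%changelog/,$d' "$1" | grep -E '^(Patch[0-9]+:|#)' |
        grep -oE 'CVE-[0-9]{4}-[0-9]+' | sort -u
}

# CVE ids mentioned anywhere from %changelog to end of file.
spec_changelog_cves() {
    sed -n '/^%changelog/,$p' "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]+' | sort -u
}

# Patched-but-unlogged CVE ids, one per line.
missing_from_changelog() {
    logged=$(spec_changelog_cves "$1")
    for cve in $(spec_patch_cves "$1"); do
        printf '%s\n' "$logged" | grep -qxF "$cve" || printf '%s\n' "$cve"
    done
}

# Use the spec given as $1, or fall back to the constructed sample.
spec=${1:-}
if [ -z "$spec" ]; then
    spec=$(mktemp)
    sample_spec > "$spec"
fi
missing_from_changelog "$spec"
```

Pass the path to a checked-out `openssl.spec` as the first argument to run the same comparison against the real package; empty output means every CVE id found in the patch section is also in the changelog.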