Bug 1049231 - openssl-1.0.1k is available
Summary: openssl-1.0.1k is available
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: FutureFeature, Triaged
: 1074163 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-07 09:14 UTC by Upstream Release Monitoring
Modified: 2015-01-13 16:30 UTC (History)
7 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2015-01-13 16:30:25 UTC


Attachments (Terms of Use)

Description Upstream Release Monitoring 2014-01-07 09:14:52 UTC
Latest upstream release: 1.0.1f
Current version/release in Fedora Rawhide: 1.0.1e-36.fc21
URL: http://www.openssl.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring

Comment 1 Tomas Mraz 2014-03-10 10:46:17 UTC
*** Bug 1074163 has been marked as a duplicate of this bug. ***

Comment 2 David Strauss 2014-04-07 22:44:26 UTC
Upstream is now 1.0.1g to fix CVE-2014-0160

Comment 3 David Strauss 2014-04-07 22:45:03 UTC
Bumping to urgent given the nature of the vulnerability:
http://heartbleed.com/

Comment 4 Tomas Mraz 2014-04-08 09:10:45 UTC
Back to medium, the CVE-2014-0160 was fixed by backporting the patch from upstream.

Comment 5 Matthew Miller 2014-04-14 13:16:37 UTC
I'm getting a lot of feedback from people who have seen the vulnerability in the news and are worried that the version numbers don't line up. I've been explaining how to actually check, but having an update (at least in rawhide, and then maybe backported to f20) seems like it would make people feel more reassured.

Comment 6 Harald Reindl 2014-04-14 13:27:47 UTC
not that sure because: http://www.mail-archive.com/postfix-users@postfix.org/msg57455.html

Comment 7 Matthew Miller 2014-04-14 14:14:51 UTC
Thanks Harald -- that's useful to know. (The tl;dr summary: there are some interoperability isses reported with 1.0.1g, so it's probably better to hold off on updating F20 at least.

Comment 8 Upstream Release Monitoring 2014-08-07 09:37:54 UTC
Latest upstream release: 1.0.1i
Current version/release in Fedora Rawhide: 1.0.1h-6.fc22
URL: http://www.openssl.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring

Comment 9 Upstream Release Monitoring 2015-01-09 09:47:04 UTC
Latest upstream release: 1.0.1k
Current version/release in Fedora Rawhide: 1.0.1j-3.fc22
URL: http://www.openssl.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service will be implemented by a new system: https://release-monitoring.org/
It will require to manage monitored projects via a new web interface. Please make yourself familiar with the new system to ease the transition.

Comment 10 Adam Williamson 2015-01-13 16:30:25 UTC
Rawhide has 1.0.1k.


Note You need to log in before you can comment on or make changes to this bug.