Bug 2227841 - openssl CVE patch applied but missing from changelog
Summary: openssl CVE patch applied but missing from changelog
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: openssl
Version: CentOS Stream
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: rc
Assignee: Dmitry Belyavskiy
QA Contact: BaseOS QE Security Team
Reported: 2023-07-31 16:13 UTC by tjr22
Modified: 2023-08-01 16:48 UTC (History)

Last Closed: 2023-08-01 16:48:38 UTC
Type: Bug

Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-163906 0 None None None 2023-07-31 16:14:03 UTC

Description tjr22 2023-07-31 16:13:32 UTC
Description of problem:
The changelog does not contain the patch for CVE-2023-0464, but the spec file contains the patch (#0115 https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/openssl.spec?ref_type=heads)

Version-Release number of selected component (if applicable):
3.0.7-24

How reproducible:
Docs - 100%

Steps to Reproduce:
1. run: rpm -q --changelog openssl
2. search for 0464 or 3722 or 2181082

Actual results:

No mention of CVE or patch

Expected results:

Statement that patches have been applied fixing relevant CVE 

Additional info:

Comment 1 Dmitry Belyavskiy 2023-08-01 16:48:38 UTC
Yes, the CVE is missing from the changelog.
Sorry for the inconvenience.
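
The manual check from the description (patch present in the spec, CVE absent from the changelog) can be automated over a spec file. The following is an added example, not part of the bug report or of Red Hat's tooling; the sample spec, its patch file names and the id CVE-0000-00001 are constructed placeholders, and only CVE-2023-0464 and 3.0.7-24 come from the report.

```shell
#!/bin/sh
# Added example: report CVE ids that a spec file's PatchN: lines reference
# but that its %changelog section never mentions.

# Unique CVE ids named on Patch lines of spec file $1.
cves_in_patches() {
    grep -E '^Patch[0-9]*:' "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Unique CVE ids mentioned from %changelog to the end of spec file $1.
cves_in_changelog() {
    sed -n '/^%changelog/,$p' "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# CVE ids patched in spec file $1 but missing from its changelog, one per line.
missing_from_changelog() {
    log_ids=$(cves_in_changelog "$1")
    for id in $(cves_in_patches "$1"); do
        # -x -F: whole-line, literal match, so one id cannot match inside another
        printf '%s\n' "$log_ids" | grep -qxF "$id" || printf '%s\n' "$id"
    done
}

# Constructed sample spec: two CVE patches, only one recorded in the changelog.
write_sample_spec() {
    cat > "$1" <<'EOF'
Name: openssl
Version: 3.0.7
Release: 24
Patch101: 0101-CVE-0000-00001-constructed.patch
Patch115: 0115-CVE-2023-0464-constructed.patch
%changelog
* Mon Jan 01 2024 Example Packager <packager@example.com> - 3.0.7-24
- Constructed entry
  Resolves: CVE-0000-00001
EOF
}

spec=$(mktemp)
write_sample_spec "$spec"
missing_from_changelog "$spec"
rm -f "$spec"
```

Scanners and auditors that infer patch status from `rpm -q --changelog` output will miss a fix in exactly this situation, so a check like this belongs on the spec or source RPM rather than on the installed package.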
