Opened 2 months ago
Last modified 10 days ago
#5723 reopened enhancement
openssl-3.5.1
| Reported by: | Bruce Dubbs | Owned by: | lfs-book |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.4 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (4)
comment:1 by , 2 months ago
comment:2 by , 2 months ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
I'm not sure why the currency script picked this up. I do see the following at https://github.com/openssl/openssl/releases/:
"... A fix is planned for OpenSSL 3.5.1"
But the script should not have looked at this section. I made a small fix to see if teh script will do better.
comment:3 by , 10 days ago
| Priority: | normal → high |
|---|---|
| Resolution: | invalid |
| Status: | closed → reopened |
OpenSSL 3.5.1 is now available.
The one security fix is:
CVEs fixed in 3.5.1:
CVE-2025-4575 - LOW - Fix x509 application adds trusted use instead of rejected use.
I don't see a need to rush on fixing this though, it can wait until the 15th.
comment:4 by , 10 days ago
| Priority: | high → normal |
|---|
This only affects 3.5, and we shipped LFS 12.3 with 3.4.x. The stable books thus aren't impacted by this vulnerability.
Note:
See TracTickets
for help on using tickets.
Hmm, I cannot find it on https://openssl-library.org/source/, nor https://github.com/openssl/openssl/releases/.