Upstream has marked this update as urgent.
TARGET = alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Reproducible: Always
The upstream ChangeLog doesn't list any reason for an urgent stabilisation, barring the OpenSSL security bug that only affects their Windows binaries. Stable for HPPA.
If we don't use a bundled version of openssl, then there is no update for us.
(In reply to Jeroen Roovers from comment #1)
> The upstream ChangeLog doesn't list any reason for an urgent stabilisation,
> barring the OpenSSL security bug that only affects their Windows binaries.
>
> Stable for HPPA.
Correct, but in src/ctx.c they relaxed a precompiler condition which looks like it might be for enhanced security:
-#if defined(USE_WIN32) || OPENSSL_VERSION_NUMBER>=0x0090700fL +#if OPENSSL_VERSION_NUMBER>=0x0090700fL SSL_CTX_set_default_passwd_cb(section->ctx, password_cb); #endif
I can't make sense of whether this is related to any of the stuff in the openssl security advisory: https://www.openssl.org/news/secadv_20140806.txt. So I erred on the side of caution.
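Review bot: the `+#if` line drops the `defined(USE_WIN32)` alternative with no comment or stated reason visible here, and the effect is narrow: a build without USE_WIN32 compiles the same code before and after, and only a USE_WIN32 build against OpenSSL older than 0x0090700fL changes, where `SSL_CTX_set_default_passwd_cb(section->ctx, password_cb);` is no longer compiled in. A one-line comment above the `#if` saying why the Windows case was removed would let downstream packagers tell whether this is a security fix or a cleanup.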
(In reply to Agostino Sarubbo from comment #2)
> If we don't use a bundled version of openssl, then there is no update for us.
That's not what's going on here. See my previous comment.
stable on ppc, ppc64 and arm.
stable amd64/x86
@remaining arch teams: please start work on bug #528004