"The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1j. This release will be made available on Tuesday 16th February 2021 between 1300-1700 UTC. OpenSSL 1.1.1j is a security-fix release. The highest severity issue fixed in this release is MODERATE: https://www.openssl.org/policies/secpolicy.html#moderate Yours The OpenSSL Project Team"
1.1.1j is released:
- Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() function (CVE-2021-23841)
- Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks
- Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions (CVE-2021-23840)
- Fixed SRP_Calc_client_key so that it runs in constant time
Please bump.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e046f5a13926d01660a6abfbe63dfeb15ac2adec
commit e046f5a13926d01660a6abfbe63dfeb15ac2adec
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-02-16 16:32:49 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-02-16 18:14:15 +0000
    dev-libs/openssl: bump to v1.1.1j
    Bug: https://bugs.gentoo.org/769785
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
 dev-libs/openssl/Manifest | 1 +
 dev-libs/openssl/openssl-1.1.1j.ebuild | 326 +++++++++++++++++++++++++++++++++
 2 files changed, 327 insertions(+)
x86 done
amd64 done
s390 done
sparc done
Prefix done
arm64 done
ppc done
hppa stable
ppc64 stable
arm done
all arches done
Please cleanup, thanks.
Unable to check for sanity:
> no match for package: dev-libs/openssl-1.1.1j
New GLSA request filed.
This issue was resolved and addressed in GLSA 202103-03 at https://security.gentoo.org/glsa/202103-03 by GLSA coordinator Thomas Deutschmann (whissi).