Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 893446 (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401) - <dev-libs/openssl-{1.1.1t, 3.0.8}: Multiple vulnerabilities
Summary: <dev-libs/openssl-{1.1.1t, 3.0.8}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 893556
Blocks: 855494 887073
  Show dependency tree
 
Reported: 2023-02-07 04:28 UTC by Sam James
Modified: 2024-02-04 08:05 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-07 04:28:08 UTC
https://mta.openssl.org/pipermail/openssl-announce/2023-January/000248.html

"""
Hello,

The OpenSSL project team would like to announce the forthcoming release 
of OpenSSL versions 3.0.8, 1.1.1t and 1.0.2zg. Note that OpenSSL 1.0.2 
is End Of Life and so 1.0.2zg will be available to premium support 
customers only.

These releases will be made available on Tuesday 7th February 2023 
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in 
each of these three releases is High:

https://www.openssl.org/policies/secpolicy.html

Yours
The OpenSSL Project Team
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-02-07 16:54:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4cbfc0cf23eb89fe311d0404afe0134a1c7324d

commit f4cbfc0cf23eb89fe311d0404afe0134a1c7324d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-07 16:50:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-07 16:53:13 +0000

    dev-libs/openssl: add 3.0.8
    
    Bug: https://bugs.gentoo.org/893446
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.0.8.ebuild | 260 ++++++++++++++++++++++++++++++++++
 2 files changed, 262 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7421cd7524852eeb68ca87eccbbe31ab1e0f906c

commit 7421cd7524852eeb68ca87eccbbe31ab1e0f906c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-07 16:51:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-07 16:53:13 +0000

    dev-libs/openssl: keyword 1.1.1t
    
    Originally unkeyworded as we copied from 8263780cbef6fd6d62bdd57dc14373f869739e77.
    
    Bug: https://bugs.gentoo.org/893446
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/openssl-1.1.1t.ebuild | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f288f0e0ea80bccae6a5e074e605ac5982e84b98

commit f288f0e0ea80bccae6a5e074e605ac5982e84b98
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-07 16:43:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-07 16:53:12 +0000

    dev-libs/openssl: add 1.1.1t
    
    Bug: https://bugs.gentoo.org/893446
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1t.ebuild | 340 +++++++++++++++++++++++++++++++++
 2 files changed, 342 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2023-02-13 07:04:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1c15de07da848681bf49fea4541b36fad4ae848

commit b1c15de07da848681bf49fea4541b36fad4ae848
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-13 07:02:46 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-13 07:02:46 +0000

    dev-libs/openssl-compat: add 1.1.1t
    
    Bug: https://bugs.gentoo.org/893446
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   2 +
 dev-libs/openssl-compat/files/gentoo.config-1.0.4  | 176 ++++++++++++++++
 .../openssl-compat/openssl-compat-1.1.1t.ebuild    | 221 +++++++++++++++++++++
 3 files changed, 399 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2024-02-04 08:03:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f353a9a7c6ffd4dd54f9b93774d103942a88892e

commit f353a9a7c6ffd4dd54f9b93774d103942a88892e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 08:02:53 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 08:03:15 +0000

    [ GLSA 202402-08 ] OpenSSL: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/876787
    Bug: https://bugs.gentoo.org/893446
    Bug: https://bugs.gentoo.org/902779
    Bug: https://bugs.gentoo.org/903545
    Bug: https://bugs.gentoo.org/907413
    Bug: https://bugs.gentoo.org/910556
    Bug: https://bugs.gentoo.org/911560
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-08.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)