sometimes changelog entries miss the author
Hello, launchpad very helpfully shows changelogs for packages to save downloading and unpacking a package just to read the changelog. Sometimes it doesn't print who actually made the changelog, entry.
A recent example is openssl version 3.0.9-1ubuntu1 : the uploader isn't visible on the "all entries" page:
https:/
And it isn't visible on the page for the specific version:
https:/
This last page instead shows information for multiple releases, in what feels like it might be a bug.
Thanks
openssl (3.0.9-1ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Remaining changes:
+ Symlink changelog{
openssl
+ d/libssl3.postinst: Revert Debian deletion
- Skip services restart & reboot notification if needrestart is in-use.
- Bump version check to 1.1.1 (bug opened as LP: #1999139)
- Use a different priority for libssl1.
on whether a desktop, or server dist-upgrade is being performed.
- Import libraries/
+ Add support for building with noudeb build profile.
+ Use perl:native in the autopkgtest for installability on i386.
openssl (3.0.9-1) unstable; urgency=medium
* Import 3.0.7
- CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
Constraints) (Closes: #1034720).
- CVE-2023-0465 (Invalid certificate policies in leaf certificates are
silently ignored).
- CVE-2023-0466 (Certificate policy check not enabled).
- Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
- CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
- CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
- Add new symbol.
openssl (3.0.8-1ubuntu3) mantic; urgency=medium
* SECURITY UPDATE: DoS in AES-XTS cipher decryption
- debian/
crypto/
- CVE-2023-1255
* SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
- debian/
IDENTIFIERs that OBJ_obj2txt will translate in
crypto/
- CVE-2023-2650
* Replace CVE-2022-4304 fix with improved version
- debian/
- debian/
crypto/
crypto/
openssl (3.0.8-1ubuntu2) mantic; urgency=medium
* Manual reupload from lunar-security to mantic-proposed pocket, due to
LP failing to copy it
openssl (3.0.8-1ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: excessive resource use when verifying policy constraints
- debian/
in a policy tree (the default limit is set to 1000 nodes).
- debian/
resource overuse.
- debian/
exponential growth test conditionally.
- CVE-2023-0464
* SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
- debian/
is checked even in leaf certs.
- debian/
the certificatePolicies extension.
- debian/
- CVE-2023-0466
* SECURITY UPDATE: certificate policy check in X509_VERIFY_
not enabled as documented
- debian/
X509_
- CVE-2023-0466
-- Gianfranco Costamagna <email address hidden> Mon, 12 Jun 2023 11:19:44 +0200
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Seth Arnold
- Solved:
- Last query:
- Last reply: