Update to include changes in 1.1.1.e

Asked by Andy Edwards on 2020-04-02

Are there any plans to update the Ubuntu packages to pull in the changes in OpenSSL 1.1.1e (or even 1.1.1f)?

Specifically, 1.1.1e brings in a fix for CVE-2019-1551. We'd like to update to a version that has that fix (and CVEs are the kind of thing that come with deadlines to be resolved by) but the fix isn't in the latest Ubuntu package for Bionic.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
2020-05-11
Last query:
2020-05-11
Last reply:
2020-04-02
Andy Edwards (andy-edwards) said : #2

FYI 1.1.1g is now released and includes https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1967

Andy Edwards (andy-edwards) said : #3

https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1967.html has now asserted that the CVEs in 1.1.1g also do not apply to Ubuntu Bionic. Might as well close this off as solved.

Andy Edwards (andy-edwards) said : #4

Thanks Manfred Hampl, that solved my question.