Ubuntu
openssl package

Update to include changes in 1.1.1.e

Asked by Andy Edwards on 2020-04-02

Are there any plans to update the Ubuntu packages to pull in the changes in OpenSSL 1.1.1e (or even 1.1.1f)?

Specifically, 1.1.1e brings in a fix for CVE-2019-1551. We'd like to update to a version that has that fix (and CVEs are the kind of thing that come with deadlines to be resolved by) but the fix isn't in the latest Ubuntu package for Bionic.

Question information

Language:: English Edit question

Status:: Solved

For:: Ubuntu openssl Edit question

Assignee:: No assignee Edit question

Solved by:: Manfred Hampl

Solved:: 2020-05-11

Last query:: 2020-05-11

Last reply:: 2020-04-02

Link existing bug

Manfred Hampl (m-hampl) said on 2020-04-02:

This is a known problem
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1551.html

Andy Edwards (andy-edwards) said on 2020-04-23:

FYI 1.1.1g is now released and includes https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1967

Andy Edwards (andy-edwards) said on 2020-05-11:

https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1967.html has now asserted that the CVEs in 1.1.1g also do not apply to Ubuntu Bionic. Might as well close this off as solved.

Andy Edwards (andy-edwards) said on 2020-05-11:

Thanks Manfred Hampl, that solved my question.

To post a message you must log in.

Ask a question

Edit question

Ubuntuopenssl package

Update to include changes in 1.1.1.e

Question information

Related bugs

Related FAQ:

Subscribers

Ubuntu
openssl package