openssl DLA
Dear @lts-team,
A DLA is needed for openssl.
The goal of this issue is to:
- Encourage better status updates (e.g. more detailed, more frequent)
- Build collaboratively a DLA check-list to promote high quality updates and avoid regressions
- Have a clearer history (e.g. if there are multiple claims/contributors over time)
- Tackle long-standing packages in the workflow queue
Check list pointers:
- `bin/package-operations --lts -qp openssl` (gather package info from packages.yml, lts-do-call-me and other sources; also available through `./find-work`)
- Development: testing guidelines: https://lts-team.pages.debian.net/wiki/Development.html#test-the-update
- Check-list draft (with more CI-oriented tasks): https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/47#note_1464826850
We do not yet have a definite list of items which are expected for each update.
Please perform the update as you would any other LTS update, but as you go through the steps consider consulting these links and then documenting in comments to this ticket which items you included or omitted (and also why).
The following versions of openssl are currently available in the ELTS releases:
Release | Version |
---|---|
bullseye | 1.1.1w-0+deb11u1 |
bullseye (security) | 1.1.1n-0+deb11u5 |
And these are the currently open CVEs to be fixed:
- https://deb.freexian.com/extended-lts/tracker/CVE-2023-5678
- https://deb.freexian.com/extended-lts/tracker/CVE-2024-0727
- https://deb.freexian.com/extended-lts/tracker/CVE-2024-2511
- https://deb.freexian.com/extended-lts/tracker/CVE-2024-4741
- https://deb.freexian.com/extended-lts/tracker/CVE-2024-5535 (Needs to follow a bookworm update and coordination with maintainer. Probably to be postponed until the bookworm update is released)
@lts-team, any volunteer to take this?
(Set due date in two weeks as a reminder)