Le sam. 24 août 2024 à 13:52, Paul Gevers <elb...@debian.org> a écrit :
> Hi Sebastian, > > On Sat, 17 Aug 2024 23:25:28 +0200 Sebastian Andrzej Siewior > <sebast...@breakpoint.cc> wrote: > > This is a stable release update of openssl provided upstream. Besides > > regular fixes it addresses three CVEs which are clasified as minor and > > therefore not yet fixed. > > After this update one CVE remains open which has been clasified as low > > by upstream and requires more than one patch address it and I decided to > > delayed it until 3.0.15 is released. > > > > I am not aware of any fallout at this point. > > Some flaky autopkgtests are failing [1], but nodejs regresses on all > architectures. It *seems* to me that's acceptable, one failure mode is > changed for another, but hopefully you or nodejs maintainers can > confirm, the regression is harmless (doesn't indicate a real issue with > the update). > Indeed, it is harmless. Upstream nodejs has fixed this in the 20.x branch by allowing both error codes in the failing test. Jérémy
