Will openssl 1.1.0j become available in Leap 15.0 updates?

Openssl 1.1.0i currently has two open vulnerabilities, CVE-2018-0734 and CVE-2018-0735, and I’m wondering if openssl 1.1.0j will be made available in the updates. If it is, is there any time estimate when that might happen?

a. This is for Leap 15.0
b. Version 1.1.0i-lp150.2.3.1 is what is currently available, and I see openssl-1_1-1.1.0i-lp150.3.15.1.x86_64.rpm in the update repo.
c. Vulnerabilities CVE-2018-0734 and CVE-2018-0735 are fixed by 1.1.0j or 1.1.1a.

Thanks!

Paul

Hi
Welcome to the world of version numbers mean nothing :wink: Security vulnerabilities are normally backported into current releases. A quick check of the changelogs shows those are already fixed…


```
rpm -qa openssl-1_1 --changelog |egrep "CVE-2018-0734|CVE-2018-0735"
    (bsc#1113651, CVE-2018-0735)
    (bsc#1113652, CVE-2018-0734)
  * openssl-CVE-2018-0734.patch
  * openssl-CVE-2018-0735.patch
```
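
The changelog check from the reply above, generalized to a list of CVE IDs, as an added example that is not part of either post. The function names `cve_status` and `sample_changelog` are hypothetical, and the sample changelog is constructed around the output lines quoted above so the script runs offline.

```shell
#!/bin/sh
# Added example: report which CVE IDs a package changelog mentions,
# instead of inferring patch state from the upstream version string.
# On a live system (command form taken from the reply above):
#   rpm -qa openssl-1_1 --changelog | cve_status CVE-2018-0734 CVE-2018-0735

# cve_status CVE-ID...
# Reads changelog text on stdin, prints "ID<TAB>mentioned|absent" per ID,
# and returns 1 if any ID is absent so it can gate a compliance check.
cve_status() {
    changelog=$(cat)    # buffer stdin so it can be searched once per ID
    rc=0
    for id in "$@"; do
        # -F literal match; -w whole word, so a truncated ID such as
        # CVE-2018-073 does not match CVE-2018-0734; -i ignores case.
        if printf '%s\n' "$changelog" | grep -Fwiq -- "$id"; then
            printf '%s\tmentioned\n' "$id"
        else
            printf '%s\tabsent\n' "$id"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the indented lines repeat the output quoted above;
# the header and description lines are made up for illustration.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2018 packager@example.invalid
- Constructed entry: backported security fixes
    (bsc#1113651, CVE-2018-0735)
    (bsc#1113652, CVE-2018-0734)
  * openssl-CVE-2018-0734.patch
  * openssl-CVE-2018-0735.patch
EOF
}

sample_changelog | cve_status CVE-2018-0734 CVE-2018-0735
```

The result says "mentioned" rather than "fixed" because a changelog can also name a CVE to state that the package is not affected, so read the matching entry before closing a finding.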