Re: [CentOS-devel] [Openssl]incorrect CVE mentioned in openssl changelog

8 Apr 2022

      On 08/04/2022 13:53, Akshar Kanak wrote:
...
Dear team
      in latest openssl openssl-1.0.2k-25.el7_9.x86_64 , looks like 
there is an issue with change logs .
      rpm -qi --changelog openssl-1.0.2k-25.el7_9.x86_64 shows me
 "
 * Wed Mar 23 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:1.0.2k-25

Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when

parsing certificates

Related: rhbz#2067160

"
The CVE number should be CVE-2022-0778 . Right ?
reference : https://bugzilla.redhat.com/show_bug.cgi?id=2062202
I checked the RHEL version and it has the same CVE number listed so this 
is a RHEL bug not a CentOS one.
Trevor

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [CentOS-devel] [Openssl]incorrect CVE mentioned in openssl changelog