[CentOS-devel] [Openssl]incorrect CVE mentioned in openssl changelog

Fri Apr 8 13:02:23 UTC 2022
Trevor Hemsley <trevor.hemsley at ntlworld.com>

On 08/04/2022 13:53, Akshar Kanak wrote:
> Dear team
>       in latest openssl openssl-1.0.2k-25.el7_9.x86_64 , looks like 
> there is an issue with change logs .
>       rpm -qi --changelog openssl-1.0.2k-25.el7_9.x86_64 shows me
>  "
>  * Wed Mar 23 2022 Dmitry Belyavskiy <dbelyavs at redhat.com> - 1:1.0.2k-25
> - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when 
> parsing certificates
> - Related: rhbz#2067160
> "
> The CVE number should be CVE-2022-0778 . Right ?
> reference : https://bugzilla.redhat.com/show_bug.cgi?id=2062202

I checked the RHEL version and it has the same CVE number listed so this 
is a RHEL bug not a CentOS one.

Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20220408/c7b52672/attachment.html>