Comment's meaning for a resolved issue

FredericFrederic New or Quiet Member

Hello
I've a question about a comment in a resolved issue for openssl (https://bugzilla.suse.com/show_bug.cgi?id=1169407).
In the last comment, we have this sentence : At times this might be only a partial fix. What does it mean ? Is this just a caution in case someone found a way to reproduce the issue ?
Can we consider that the issue is fully resolved in openssl-1_1 1.1.1d-2.23.1 ?

Comments

  • malcolmlewismalcolmlewis Knowledge Partner

    @Frederic are you running the d variant? If so can you upgrade to the g variant, which is recommended? Seems to me since the bug report hasn't been re-opened, no one has reported any issues...

  • FredericFrederic New or Quiet Member

    I'm working on SLES 12 SP3 LTSS/ SP5 (depending on products). For each version, I only see the d version for openssl, g is not available, am I wrong ?

  • malcolmlewismalcolmlewis Knowledge Partner

    @Frederic ahh yes, just checked, my bad. I see it's there for SLES 12 SP5, don't see it for SLES 12 SP3 LTSS (but it is the same version..), I would search the SP3 LTSS changelog for the CVE reference, it should be there.

    You can see this sort of information via SUSE Customer Center ;)
    https://scc.suse.com/patches select your product and enter the CVE reference: CVE-2020-1967

  • FredericFrederic New or Quiet Member

    Thanks for the link (add it to my SuSE's bookmarks ;) )
    So, to come back to the first question, the comment saying that it might be a partial fix is official/true or just a comment waiting for further tests ? I don't know what to say to my developer when he see it

  • malcolmlewismalcolmlewis Knowledge Partner
    edited November 6

    @Frederic it's a comment on the bug report for sure, see https://www.suse.com/security/cve/CVE-2020-1967/ SLE 12 SP3 (LTSS?) says not affected...

  • FredericFrederic New or Quiet Member

    The good news is that this development team has switched to SLES 12 SP5. I can say that it was just a comment in the bug report.
    Thanks for your time @malcolmlewis

Sign In or Register to comment.