Bug 497614

Summary: OpenSSL vulnerabilities
Product: [I don't know] kde
Reporter: Hugo Dias <hugo>
Component: general
Assignee: Unassigned bugs mailing-list <unassigned-bugs>
Status: RESOLVED MOVED
Severity: major
CC: nate, reeves.87
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Microsoft Windows
OS: Microsoft Windows
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Hugo Dias 2024-12-17 16:22:49 UTC
SUMMARY
KDiff3 is being distributed with OpenSSL version 3.1.4 and it has multiple vulnerabilities

STEPS TO REPRODUCE

OBSERVED RESULT


EXPECTED RESULT
No vulnerabilities from OpenSSL

SOFTWARE/OS VERSIONS
Windows: 11

ADDITIONAL INFORMATION
Having vulnerabilities has constraints on my computer due to company policies.
Comment 1 michael 2024-12-17 21:39:26 UTC
This bug needs to be reassigned to craft blueprints but I have option to do so.
Comment 2 michael 2024-12-17 22:00:24 UTC
I am going to put in an MR to update to 3.1.7; since that is a bug fix release, it shouldn't cause any dependency problems. It is not just kdiff3 that would be affected. Any KDE application using the SSL library would have the issue.
Comment 3 Nate Graham 2024-12-18 17:41:26 UTC
These apparently need to be opened at https://invent.kde.org/packaging/craft/-/issues now.