497614 – OpenSSL vulnerabilities

Bug 497614 - OpenSSL vulnerabilities

Summary: OpenSSL vulnerabilities

Status:	RESOLVED MOVED

Alias:	None

Product:	kde
Classification:	I don't know
Component:	general (show other bugs)
Version:	unspecified
Platform:	Microsoft Windows Microsoft Windows

Importance:	NOR major
Target Milestone:	---
Assignee:	Unassigned bugs mailing-list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-12-17 16:22 UTC by Hugo Dias
Modified:	2024-12-18 17:41 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Hugo Dias 2024-12-17 16:22:49 UTC

SUMMARY
The KDiff3 is being distrubuted with openssl version 3.1.4 and it has multiple vulnerabilities

STEPS TO REPRODUCE

OBSERVED RESULT


EXPECTED RESULT
No vulnerabilities from OpenSSL

SOFTWARE/OS VERSIONS
Windows: 11

ADDITIONAL INFORMATION
Having vulnerabilities has contraints in my computer due to company policies.

Comment 1 michael 2024-12-17 21:39:26 UTC

This bug needs to be reassigned to craft blue prints but I have option to do so.

Comment 2 michael 2024-12-17 22:00:24 UTC

I am going to put in an MR to update to 3.1.7 since that is bug fix release it shouldn't cause any dependency problems. Not just kdiff3 that would be affected. Any kde application using the ssl  library would has the issue,

Comment 3 Nate Graham 2024-12-18 17:41:26 UTC

These apparently need to be opened at https://invent.kde.org/packaging/craft/-/issues now.