Bump puppet-agent's bundled openssl to address CVE-2024-5535

puppetlabs / puppet-agent

All of the directions for building a puppet agent package.

Other

47 stars 146 forks source link

Bump puppet-agent's bundled openssl to address CVE-2024-5535 #2547

Open cthorn42 opened 1 week ago

cthorn42 commented 1 week ago

Details are listed here: https://www.openssl.org/news/secadv/20240627.txt Highlights are:

rated low
haven't released a fix yet

Puppet-agent 7.31.0 has OpenSSL version 1.1.1v (patched of course) and puppet-agent 8.7.0 has OpenSSl version 3.0.13. When a fix for this CVE is released we should patch the former and upgrade the later.

joshcooper commented 1 week ago

Should we move this issue to the puppet-runtime project since that's where the fix will land?

github-actions[bot] commented 5 days ago

Migrated issue to PA-6699