Closed cthorn42 closed 4 days ago
Should we move this issue to the puppet-runtime
project since that's where the fix will land?
Migrated issue to PA-6699
puppet 7/openssl 1.1.1 fixed in https://github.com/puppetlabs/puppet-runtime/pull/899 puppet 8/openssl 3.0.x fixed in https://github.com/puppetlabs/puppet-runtime/pull/894
Details are listed here: https://www.openssl.org/news/secadv/20240627.txt Highlights are:
low
Puppet-agent 7.31.0 has OpenSSL version 1.1.1v (patched of course) and puppet-agent 8.7.0 has OpenSSl version 3.0.13. When a fix for this CVE is released we should patch the former and upgrade the later.