Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl security release 1.1.1g - vulnerability HIGH #32846

Closed
sam-github opened this issue Apr 14, 2020 · 7 comments
Closed

openssl security release 1.1.1g - vulnerability HIGH #32846

sam-github opened this issue Apr 14, 2020 · 7 comments

Comments

@sam-github
Copy link
Contributor

Until the OpenSSL release occurs, we won't know if the issue affects Node.js or not.


https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html

The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between
1300-1700 UTC.

OpenSSL 1.1.g is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Yours

The OpenSSL Project Team

@sam-github
Copy link
Contributor Author

@hassaanp offered to do the openssl update.

@sam-github
Copy link
Contributor Author

Next TSC meeting will be right after the openssl release, Node.js impact can be discussed then.

public announcement: nodejs/nodejs.org#3113

@sam-github
Copy link
Contributor Author

sam-github commented Apr 20, 2020

@nodejs/releasers Calling for volunteer/volunteers!

Its not known if sec releases will be required yet, but if they are, and need to be expedited, we'll need someone to do the releases.

Affected release lines will be all those currently supported: 10,12,13,14

@targos
Copy link
Member

targos commented Apr 20, 2020

I can do 13 and/or 12

@sam-github
Copy link
Contributor Author

https://www.openssl.org/news/secadv/20200421.txt is the sec issue addressed

@sam-github
Copy link
Contributor Author

issue does not affect Node.js:

https://mta.openssl.org/pipermail/openssl-users/2020-April/012269.html

@BridgeAR BridgeAR removed the tsc-agenda Issues and PRs to discuss during the meetings of the TSC. label Apr 23, 2020
@BridgeAR
Copy link
Member

It does not affect Node.js and therefore I removed it from the tsc agenda.

Seems like there is no action item in general and therefore I close this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants