SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1074

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1074

Security update for qpid-proton

Type: security

Severity: important

Issued: 2024-03-30

Description:

This update for qpid-proton fixes the following issues:

- CVE-2019-0223: Fixed TLS Man in the Middle Vulnerability (bsc#1133158).

The following non-security bugs were fixed:

- Fix build with OpenSSL 3.0.0 (bsc#1172267)
- Sort linked .o files to make package build reproducible (bsc#1041090)
- Fix build with gcc8 (bsc#1084627)
- Move libqpid-proton-core to a different package to fix a rpmlint
  error (bsc#1191783)

References

CVE: CVE-2019-0223
Bugzilla: 1191783 [SLPP] qpid-proton: E: shlib-policy-name-error
Bugzilla: 1172267 [TRACKERBUG] OpenSSL 3.0.0 upgrade tracker bug
Bugzilla: 1133158 VUL-1: CVE-2019-0223: qpid-proton: Apache Qpid Proton TLS Man in the Middle Vulnerability
Bugzilla: 1084627 GCC 8: qpid-proton build fails
Bugzilla: 1041090 trackerbug: packages do not build reproducibly from unsorted input

Packages

qpid-proton-0.38.0-150000.6.3.1