File _patchinfo of Package patchinfo.28090

<patchinfo incident="28090">
  <issue tracker="bnc" id="1207536">VUL-0: CVE-2023-0215: openssl: Use-after-free following BIO_new_NDEF</issue>
  <issue tracker="bnc" id="1207534">VUL-0: CVE-2022-4304: openssl: Timing Oracle in RSA Decryption</issue>
  <issue tracker="bnc" id="1201627">openssl-1_0_0 FTBFS 2023-05-26</issue>
  <issue tracker="bnc" id="1207533">VUL-0: CVE-2023-0286: openssl: X.400 address type confusion in X.509 GeneralName</issue>
  <issue tracker="bnc" id="1202062">L3-Question: openssl: FIPS additional checks fail with existing key</issue>
  <issue tracker="cve" id="2022-4304"/>
  <issue tracker="cve" id="2023-0286"/>
  <issue tracker="cve" id="2023-0215"/>
  <packager>ohollmann</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for openssl</summary>
  <description>This update for openssl fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralNameFixed (bsc#1207533).
- CVE-2023-0215: Fixed a use-after-free following BIO_new_NDEF (bsc#1207536).
- CVE-2022-4304: Fixed a timing oracle in RSA decryption (bsc#1207534).

The following non-security bug were fixed:

- Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062).
- Update further expiring certificates that affect tests (bsc#1201627).
</description>
</patchinfo>