Hello
I’ve a question about a comment in a resolved issue for openssl (https://bugzilla.suse.com/show_bug.cgi?id=1169407).
In the last comment, we have this sentence: "At times this might be only a partial fix." What does it mean? Is this just a caution in case someone found a way to reproduce the issue?
Can we consider that the issue is fully resolved in openssl-1_1 1.1.1d-2.23.1?
@Frederic are you running the d variant? If so can you upgrade to the g variant, which is recommended? Seems to me since the bug report hasn’t been re-opened, no one has reported any issues…
I’m working on SLES 12 SP3 LTSS / SP5 (depending on products). For each version, I only see the d version for openssl; g is not available. Am I wrong?
@Frederic ahh yes, just checked, my bad. I see it’s there for SLES 12 SP5, don’t see it for SLES 12 SP3 LTSS (but it is the same version…). I would search the SP3 LTSS changelog for the CVE reference, it should be there.
You can see this sort of information via SUSE Customer Center:
https://scc.suse.com/patches (select your product and enter the CVE reference: CVE-2020-1967)
Thanks for the link (added it to my SUSE bookmarks).
So, to come back to the first question, is the comment saying that it might be a partial fix official/true, or just a comment waiting for further tests? I don’t know what to say to my developer when he sees it.
@Frederic it’s a comment on the bug report for sure, see https://www.suse.com/security/cve/CVE-2020-1967/ SLE 12 SP3 (LTSS?) says not affected…
The good news is that this development team has switched to SLES 12 SP5. I can say that it was just a comment in the bug report.
Thanks for your time @malcolmlewis