Date: Fri, 11 Dec 2020 11:48:07 GMT From: Martin Simmons <martin@lispworks.com> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <202012111148.0BBBm7uw012149@higson.cam.lispworks.com> In-Reply-To: <20201209230300.03251CA1@freefall.freebsd.org> (message from FreeBSD Security Advisories on Wed, 9 Dec 2020 23:03:00 %2B0000 (UTC)) References: <20201209230300.03251CA1@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Wed, 9 Dec 2020 23:03:00 +0000 (UTC), FreeBSD Security Advisories said: > > Note: The OpenSSL project has published publicly available patches for > versions included in FreeBSD 12.x. This vulnerability is also known to > affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL > project is only giving patches for that version to premium support contract > holders. The FreeBSD project does not have access to these patches and > recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage > up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project > may update this advisory to include FreeBSD 11.4 should patches become > publicly available. I see that Ubuntu have backported this (see 1.0.2n-1ubuntu5.5 in https://launchpad.net/ubuntu/+source/openssl1.0). __Martin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012111148.0BBBm7uw012149>