Date: Wed, 24 Feb 2021 10:24:54 +0100 From: "Herbert J. Skuhra" <herbert@gojira.at> To: freebsd-questions@freebsd.org Subject: Re: openssl advisories Message-ID: <YDYbZieJFTi14/k%2B@mail.bsd4all.net> In-Reply-To: <ab6f0778-352c-bc8a-55f9-24479e448979@netfence.it> References: <ab6f0778-352c-bc8a-55f9-24479e448979@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 24, 2021 at 09:34:53AM +0100, Andrea Venturoli wrote: > Hello. > > I saw OpenSSL has published some security updates last week, which some > other OSes have already provided updated packages for. > So I was kinda expecting a batch of security advisories for FreeBSD in these > days. > I was surprised, however, to see nothing openssl related coming. > > Are we not affected? Is such an SA expected in a few days? > > I'd just hate to begin upgrading every system and need to start over again > before I even finish :) - current has openssl-1.1.1j. - stable/12 and stable/13 have openssl-1.1.1j. - stable/11 has backported patches. CVE-2021-23839 unpatched? - releng/13.0 has openssl-1.1.1j. - releng/12.2 has openssl-1.1.1h and is obviously unpatched (CVE-2021-23840 and CVE-2021-23841): https://cgit.freebsd.org/src/log/crypto/openssl?h=releng/12.2 - the openssl port (head and 2021Q1) has openssl-1.1.1j Yes, the information is missing at https://www.freebsd.org/security/advisories/ -- Herbert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YDYbZieJFTi14/k%2B>