Date: Mon, 9 May 2022 11:31:01 -0700 From: Gordon Tetlow <gordon@tetlows.org> To: Natalino Picone <natalino.picone@nozominetworks.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: OpenSSL 1.1.1o in 12.3? Message-ID: <CD9DB746-D1BA-4110-B350-D93A4F6B7BBD@tetlows.org> In-Reply-To: <AM6PR07MB581685FA32B09E3F2B36BF0886C69@AM6PR07MB5816.eurprd07.prod.outlook.com> References: <AM6PR07MB581685FA32B09E3F2B36BF0886C69@AM6PR07MB5816.eurprd07.prod.outlook.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] The only vulnerability in 1.1.1 was regarding the c_rehash script, which we don't ship as part of FreeBSD. As such, we didn't push it into so-maintained releng branches. Best, Gordon Hat: security-officer > On May 9, 2022, at 12:37 AM, Natalino Picone <natalino.picone@nozominetworks.com> wrote: > > Hi, > I was looking at the latest OpenSSL CVE. > Should this also be merged on 12.3? right now it has been done only on 13.1 > > https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac52332b53ebd7824965e6a7b4 <https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac52332b53ebd7824965e6a7b4>; > > Thanks, > Nat > > > > Natalino Picone > Senior Product Security Engineer > • Phone: +41 (0)91 647 04 06 > • natalino.picone@nozominetworks.com <mailto:natalino.picone@nozominetworks.com> > > Nozomi Networks <https://www.nozominetworks.com/company/overview/>; | The Leader in OT & IoT Security > Website <https://www.nozominetworks.com/>; | Blog <https://www.nozominetworks.com/blog/>; | Twitter <https://twitter.com/nozominetworks>; | Linkedin | <https://www.linkedin.com/company/nozomi-networks-sa/>YouTube <https://www.youtube.com/channel/UCcYhFsbFID6gwkU8DjfIycw>; | Podcast <https://www.buzzsprout.com/1012066>; > > <Outlook-ivda3igo.png> <https://www.nozominetworks.com/>; [-- Attachment #2 --] <html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">The only vulnerability in 1.1.1 was regarding the c_rehash script, which we don't ship as part of FreeBSD. As such, we didn't push it into so-maintained releng branches.<div class=""><br class=""></div><div class="">Best,</div><div class="">Gordon</div><div class="">Hat: security-officer<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On May 9, 2022, at 12:37 AM, Natalino Picone <<a href="mailto:natalino.picone@nozominetworks.com" class="">natalino.picone@nozominetworks.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);">Hi,</div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);">I was looking at the latest OpenSSL CVE.</div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);">Should this also be merged on 12.3? right now it has been done only on 13.1<br class=""></div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);"><br class=""></div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);"><a href="https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac52332b53ebd7824965e6a7b4" id="LPNoLPOWALinkPreview" class="">https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac52332b53ebd7824965e6a7b4</a></div><div class="_EReadonly_1 _EType_OWALinkPreview _Entity _EId_OWALinkPreview elementToProof" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"></div><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);">Thanks,</div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);">Nat<br class=""></div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);"><br class=""></div><div class="elementToProof" style="font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; background-color: rgb(255, 255, 255);"><br class=""></div><div style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 10pt;" class=""><br class=""></div><div id="Signature" class=""><div class=""><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""></div><div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;" class=""><table class=""><tbody class=""><tr class=""><td style="padding: 0.75pt 0.75pt 0.75pt 6pt;" class=""><div style="margin: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 15pt;" class=""><b class=""><span lang="EN-US" style="font-size: 13.5pt; font-family: Arial, sans-serif; color: rgb(0, 156, 214);" class="">Natalino Picone</span></b><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><span class="Apple-converted-space"> </span><br class=""></span><b class=""><span style="font-size: 10.5pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class="">Senior Product Security Engineer</span></b><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><br class=""></span><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(209, 49, 100);" class="">•</span><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><span class="Apple-converted-space"> </span><strong class=""><span class="">Phone:<span class="Apple-converted-space"> </span></span></strong></span><span lang="EN-US" style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class="">+41 (0)91 647 04 06</span><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><br class=""></span><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(209, 49, 100);" class="">•</span><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><span class="Apple-converted-space"> </span><a href="mailto:natalino.picone@nozominetworks.com" class=""><span style="color: rgb(0, 156, 214);" class="">natalino.picone@nozominetworks.com</span></a><br class=""><br class=""><strong class=""><span class=""><a href="https://www.nozominetworks.com/company/overview/" class=""><span style="color: rgb(0, 156, 214);" class="">Nozomi Networks</span></a></span></strong><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span><strong class=""><span class="">The Leader in<span class="Apple-converted-space"> </span></span></strong></span><strong class=""><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(209, 49, 100);" class="">OT</span></strong><strong class=""><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><span class="Apple-converted-space"> </span>&<span class="Apple-converted-space"> </span></span></strong><strong class=""><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(209, 49, 100);" class="">IoT</span></strong><strong class=""><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><span class="Apple-converted-space"> </span>Security</span></strong><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><span class="Apple-converted-space"> </span><br class=""><a href="https://www.nozominetworks.com/" target="new" class=""><strong class=""><span style="color: rgb(0, 156, 214);" class="">Website</span></strong></a><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span><a href="https://www.nozominetworks.com/blog/" target="new" class=""><strong class=""><span style="color: rgb(0, 156, 214);" class="">Blog</span></strong></a><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span><a href="https://twitter.com/nozominetworks" target="new" class=""><strong class=""><span style="color: rgb(0, 156, 214);" class="">Twitter</span></strong></a><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span><a href="https://www.linkedin.com/company/nozomi-networks-sa/" target="new" class=""><strong class=""><span style="color: rgb(0, 156, 214);" class="">Linkedin</span></strong><span style="color: rgb(0, 156, 214);" class=""><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span></span></a><a href="https://www.youtube.com/channel/UCcYhFsbFID6gwkU8DjfIycw" target="new" class=""><strong class=""><span style="color: rgb(0, 156, 214);" class="">YouTube</span></strong></a><span class="Apple-converted-space"> </span>|<span class="Apple-converted-space"> </span><a href="https://www.buzzsprout.com/1012066" target="new" class=""><strong class=""><span style="color: rgb(0, 156, 214);" class="">Podcast</span></strong></a><span class="Apple-converted-space"> </span> </span></div></td></tr><tr class=""><td style="padding: 0.75pt;" class=""><div style="margin: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 15pt;" class=""><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=""><br class=""></span><a href="https://www.nozominetworks.com/" title="https://www.nozominetworks.com/" class=""><span style="font-size: 9pt; font-family: Arial, sans-serif; color: blue;" class=""><span class=""><span id="cid:ebf60110-aadd-4447-9be4-4f415a1c031f"><Outlook-ivda3igo.png></span></span></span></a></div></td></tr></tbody></table></div></div></div></div></div></blockquote></div><br class=""></div></body></html>help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CD9DB746-D1BA-4110-B350-D93A4F6B7BBD>