Date: Mon, 9 May 2022 11:31:01 -0700 From: Gordon Tetlow <gordon@tetlows.org> To: Natalino Picone <natalino.picone@nozominetworks.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: OpenSSL 1.1.1o in 12.3? Message-ID: <CD9DB746-D1BA-4110-B350-D93A4F6B7BBD@tetlows.org> In-Reply-To: <AM6PR07MB581685FA32B09E3F2B36BF0886C69@AM6PR07MB5816.eurprd07.prod.outlook.com> References: <AM6PR07MB581685FA32B09E3F2B36BF0886C69@AM6PR07MB5816.eurprd07.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_8BC18703-5B5B-4E04-9AFF-3E1EDA885A1C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 The only vulnerability in 1.1.1 was regarding the c_rehash script, which = we don't ship as part of FreeBSD. As such, we didn't push it into = so-maintained releng branches. Best, Gordon Hat: security-officer > On May 9, 2022, at 12:37 AM, Natalino Picone = <natalino.picone@nozominetworks.com> wrote: >=20 > Hi, > I was looking at the latest OpenSSL CVE. > Should this also be merged on 12.3? right now it has been done only on = 13.1 >=20 > = https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac52332b53ebd7= 824965e6a7b4 = <https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac52332b53ebd= 7824965e6a7b4> >=20 > Thanks, > Nat >=20 >=20 >=20 > Natalino Picone=20 > Senior Product Security Engineer > =E2=80=A2 Phone: +41 (0)91 647 04 06 > =E2=80=A2 natalino.picone@nozominetworks.com = <mailto:natalino.picone@nozominetworks.com> >=20 > Nozomi Networks <https://www.nozominetworks.com/company/overview/>; | = The Leader in OT & IoT Security=20 > Website <https://www.nozominetworks.com/>; | Blog = <https://www.nozominetworks.com/blog/>; | Twitter = <https://twitter.com/nozominetworks>; | Linkedin=C2=A0|=C2=A0 = <https://www.linkedin.com/company/nozomi-networks-sa/>YouTube = <https://www.youtube.com/channel/UCcYhFsbFID6gwkU8DjfIycw>; | Podcast = <https://www.buzzsprout.com/1012066>; =20 >=20 > <Outlook-ivda3igo.png> <https://www.nozominetworks.com/>; --Apple-Mail=_8BC18703-5B5B-4E04-9AFF-3E1EDA885A1C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D"">The = only vulnerability in 1.1.1 was regarding the c_rehash script, which we = don't ship as part of FreeBSD. As such, we didn't push it into = so-maintained releng branches.<div class=3D""><br class=3D""></div><div = class=3D"">Best,</div><div class=3D"">Gordon</div><div class=3D"">Hat: = security-officer<br class=3D""><div><br class=3D""><blockquote = type=3D"cite" class=3D""><div class=3D"">On May 9, 2022, at 12:37 AM, = Natalino Picone <<a href=3D"mailto:natalino.picone@nozominetworks.com" = class=3D"">natalino.picone@nozominetworks.com</a>> wrote:</div><br = class=3D"Apple-interchange-newline"><div class=3D""><meta = charset=3D"UTF-8" class=3D""><div class=3D"elementToProof" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; font-family: = Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; = background-color: rgb(255, 255, 255);">Hi,</div><div = class=3D"elementToProof" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt; background-color: rgb(255, 255, 255);">I was looking at the latest = OpenSSL CVE.</div><div class=3D"elementToProof" style=3D"font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none; font-family: Calibri, Arial, Helvetica, = sans-serif; font-size: 10pt; background-color: rgb(255, 255, = 255);">Should this also be merged on 12.3? right now it has been done = only on 13.1<br class=3D""></div><div class=3D"elementToProof" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; font-family: = Calibri, Arial, Helvetica, sans-serif; font-size: 10pt; = background-color: rgb(255, 255, 255);"><br class=3D""></div><div = class=3D"elementToProof" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt; background-color: rgb(255, 255, 255);"><a = href=3D"https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac5233= 2b53ebd7824965e6a7b4" id=3D"LPNoLPOWALinkPreview" = class=3D"">https://github.com/freebsd/freebsd-src/commit/2e121bd7c73932ac5= 2332b53ebd7824965e6a7b4</a></div><div class=3D"_EReadonly_1 = _EType_OWALinkPreview _Entity _EId_OWALinkPreview elementToProof" = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"></div><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;" class=3D""><div = class=3D"elementToProof" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt; background-color: rgb(255, 255, 255);">Thanks,</div><div = class=3D"elementToProof" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt; background-color: rgb(255, 255, 255);">Nat<br class=3D""></div><div = class=3D"elementToProof" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt; background-color: rgb(255, 255, 255);"><br class=3D""></div><div = class=3D"elementToProof" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt; background-color: rgb(255, 255, 255);"><br class=3D""></div><div = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;" class=3D""><div = style=3D"font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 10pt;" class=3D""><br class=3D""></div><div id=3D"Signature" = class=3D""><div class=3D""><div style=3D"font-family: Calibri, Arial, = Helvetica, sans-serif; font-size: 12pt;" class=3D""></div><div = style=3D"font-family: Calibri, Arial, Helvetica, sans-serif; font-size: = 12pt;" class=3D""><table class=3D""><tbody class=3D""><tr class=3D""><td = style=3D"padding: 0.75pt 0.75pt 0.75pt 6pt;" class=3D""><div = style=3D"margin: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; = line-height: 15pt;" class=3D""><b class=3D""><span lang=3D"EN-US" = style=3D"font-size: 13.5pt; font-family: Arial, sans-serif; color: = rgb(0, 156, 214);" class=3D"">Natalino Picone</span></b><span = style=3D"font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, = 73, 87);" class=3D""><span = class=3D"Apple-converted-space"> </span><br class=3D""></span><b = class=3D""><span style=3D"font-size: 10.5pt; font-family: Arial, = sans-serif; color: rgb(73, 73, 87);" class=3D"">Senior Product Security = Engineer</span></b><span style=3D"font-size: 9pt; font-family: Arial, = sans-serif; color: rgb(73, 73, 87);" class=3D""><br = class=3D""></span><span style=3D"font-size: 9pt; font-family: Arial, = sans-serif; color: rgb(209, 49, 100);" class=3D"">=E2=80=A2</span><span = style=3D"font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, = 73, 87);" class=3D""><span = class=3D"Apple-converted-space"> </span><strong class=3D""><span = class=3D"">Phone:<span = class=3D"Apple-converted-space"> </span></span></strong></span><span = lang=3D"EN-US" style=3D"font-size: 9pt; font-family: Arial, sans-serif; = color: rgb(73, 73, 87);" class=3D"">+41 (0)91 647 04 06</span><span = style=3D"font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, = 73, 87);" class=3D""><br class=3D""></span><span style=3D"font-size: = 9pt; font-family: Arial, sans-serif; color: rgb(209, 49, 100);" = class=3D"">=E2=80=A2</span><span style=3D"font-size: 9pt; font-family: = Arial, sans-serif; color: rgb(73, 73, 87);" class=3D""><span = class=3D"Apple-converted-space"> </span><a = href=3D"mailto:natalino.picone@nozominetworks.com" class=3D""><span = style=3D"color: rgb(0, 156, 214);" = class=3D"">natalino.picone@nozominetworks.com</span></a><br class=3D""><br= class=3D""><strong class=3D""><span class=3D""><a = href=3D"https://www.nozominetworks.com/company/overview/" class=3D""><span= style=3D"color: rgb(0, 156, 214);" class=3D"">Nozomi = Networks</span></a></span></strong><span = class=3D"Apple-converted-space"> </span>|<span = class=3D"Apple-converted-space"> </span><strong class=3D""><span = class=3D"">The Leader in<span = class=3D"Apple-converted-space"> </span></span></strong></span><stron= g class=3D""><span style=3D"font-size: 9pt; font-family: Arial, = sans-serif; color: rgb(209, 49, 100);" = class=3D"">OT</span></strong><strong class=3D""><span style=3D"font-size: = 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" = class=3D""><span class=3D"Apple-converted-space"> </span>&<span = class=3D"Apple-converted-space"> </span></span></strong><strong = class=3D""><span style=3D"font-size: 9pt; font-family: Arial, = sans-serif; color: rgb(209, 49, 100);" = class=3D"">IoT</span></strong><strong class=3D""><span style=3D"font-size:= 9pt; font-family: Arial, sans-serif; color: rgb(73, 73, 87);" = class=3D""><span = class=3D"Apple-converted-space"> </span>Security</span></strong><span= style=3D"font-size: 9pt; font-family: Arial, sans-serif; color: rgb(73, = 73, 87);" class=3D""><span = class=3D"Apple-converted-space"> </span><br class=3D""><a = href=3D"https://www.nozominetworks.com/" target=3D"new" class=3D""><strong= class=3D""><span style=3D"color: rgb(0, 156, 214);" = class=3D"">Website</span></strong></a><span = class=3D"Apple-converted-space"> </span>|<span = class=3D"Apple-converted-space"> </span><a = href=3D"https://www.nozominetworks.com/blog/" target=3D"new" = class=3D""><strong class=3D""><span style=3D"color: rgb(0, 156, 214);" = class=3D"">Blog</span></strong></a><span = class=3D"Apple-converted-space"> </span>|<span = class=3D"Apple-converted-space"> </span><a = href=3D"https://twitter.com/nozominetworks" target=3D"new" = class=3D""><strong class=3D""><span style=3D"color: rgb(0, 156, 214);" = class=3D"">Twitter</span></strong></a><span = class=3D"Apple-converted-space"> </span>|<span = class=3D"Apple-converted-space"> </span><a = href=3D"https://www.linkedin.com/company/nozomi-networks-sa/" = target=3D"new" class=3D""><strong class=3D""><span style=3D"color: = rgb(0, 156, 214);" class=3D"">Linkedin</span></strong><span = style=3D"color: rgb(0, 156, 214);" class=3D""><span = class=3D"Apple-converted-space"> </span>|<span = class=3D"Apple-converted-space"> </span></span></a><a = href=3D"https://www.youtube.com/channel/UCcYhFsbFID6gwkU8DjfIycw" = target=3D"new" class=3D""><strong class=3D""><span style=3D"color: = rgb(0, 156, 214);" class=3D"">YouTube</span></strong></a><span = class=3D"Apple-converted-space"> </span>|<span = class=3D"Apple-converted-space"> </span><a = href=3D"https://www.buzzsprout.com/1012066" target=3D"new" = class=3D""><strong class=3D""><span style=3D"color: rgb(0, 156, 214);" = class=3D"">Podcast</span></strong></a><span = class=3D"Apple-converted-space"> </span> </span></div></td></tr>= <tr class=3D""><td style=3D"padding: 0.75pt;" class=3D""><div = style=3D"margin: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; = line-height: 15pt;" class=3D""><span style=3D"font-size: 9pt; = font-family: Arial, sans-serif; color: rgb(73, 73, 87);" class=3D""><br = class=3D""></span><a href=3D"https://www.nozominetworks.com/" = title=3D"https://www.nozominetworks.com/" class=3D""><span = style=3D"font-size: 9pt; font-family: Arial, sans-serif; color: blue;" = class=3D""><span class=3D""><span = id=3D"cid:ebf60110-aadd-4447-9be4-4f415a1c031f"><Outlook-ivda3igo.png&g= t;</span></span></span></a></div></td></tr></tbody></table></div></div></d= iv></div></div></blockquote></div><br class=3D""></div></body></html>= --Apple-Mail=_8BC18703-5B5B-4E04-9AFF-3E1EDA885A1C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CD9DB746-D1BA-4110-B350-D93A4F6B7BBD>