From owner-freebsd-security@freebsd.org Mon Dec 14 16:47:05 2020 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D26AA4BE5A0 for ; Mon, 14 Dec 2020 16:47:05 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-il1-f180.google.com (mail-il1-f180.google.com [209.85.166.180]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CvnNn0Mlhz3KXD for ; Mon, 14 Dec 2020 16:47:04 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: by mail-il1-f180.google.com with SMTP id r17so16368590ilo.11 for ; Mon, 14 Dec 2020 08:47:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=1aFuKaw2eNDpiFIL7HedE9ld6k3bArOIPOvnY1KPerY=; b=nXeDaFVfOH39xHHNAWJHPh0C0DZfTnoODG7vqTsfTtsryrVQelDoU0N4B5EA/I0BcE kmLmEkQ+ONLN1v+tvK0M02yJlw0Xl0qN4liNsSWFziA4TZ5jsz3hS6tEV9Zq6pDj+TG3 I4BQulDc9N8ftqSCWzPbyRST2QpN+0V357IQwTzGuhM2PCVUvgF9wb9+WqaVQXR1xQZb LxikJLaucqUwAKsLG5EbyKQvKaLLuOkHlLB0+co352fEEl0CAJSsao5wKKxltnRMKcKg RjB4eLs4VhIqk2g30+z21HO5rpp4Eq6Mwazsmos8xMpoqsJmqaZ8ZvKy0mKmgq4gjY5N 3P/w== X-Gm-Message-State: AOAM531uOAPjLU92PcqSqbVt0D08MlIBVOxSdpyv/xn7zLKVF8NkV2bE 1kr/mvgOpUVaVbcthPB4Ri+aQ8Pm8IrNslM2WwA= X-Google-Smtp-Source: ABdhPJx8wo7Wyl4nMQpgzWcapaeJM1+Isn4c+PBFFTWcPGCvy3vb791GinBSaqcPdf4iiYbi7aqGL1rF1N6IxEhkL4k= X-Received: by 2002:a92:4a12:: with SMTP id m18mr35870001ilf.98.1607964424151; Mon, 14 Dec 2020 08:47:04 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Ed Maste Date: Mon, 14 Dec 2020 11:46:52 -0500 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl To: "Wall, Stephen" Cc: Bob Bishop , "freebsd-security@freebsd.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4CvnNn0Mlhz3KXD X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of carpeddiem@gmail.com designates 209.85.166.180 as permitted sender) smtp.mailfrom=carpeddiem@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[emaste@freebsd.org,carpeddiem@gmail.com]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; RBL_DBL_DONT_QUERY_IPS(0.00)[209.85.166.180:from]; R_DKIM_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[emaste@freebsd.org,carpeddiem@gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FREEFALL_USER(0.00)[carpeddiem]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; SPAMHAUS_ZRD(0.00)[209.85.166.180:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[209.85.166.180:from]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.166.180:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Dec 2020 16:47:05 -0000 On Thu, 10 Dec 2020 at 10:43, Wall, Stephen wrote= : > > > A query: am I right that the patch doesn=E2=80=99t bump the OpenSSL ver= sion to 1.1.1.i ? > > That is correct. Further to that, OpenSSL 1.1.1i includes some additional, minor changes beyond the vulnerability fix. 1.1.1i is now in HEAD (as of r368472) and has been merged to stable/12.