Date: Wed, 25 Aug 2021 08:22:46 -0700
From: Gordon Tetlow <gordon@tetlows.org>
To: mike tancsa <mike@sentex.net>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:16.openssl
Message-ID: <A032A5CA-9FF3-4DBE-A4AD-8AE20B48544D@tetlows.org>
In-Reply-To: <44434c22-51c6-92cb-c9de-60fae4764347@sentex.net>
References: <20210824205300.305BF72EF@freefall.freebsd.org> <44434c22-51c6-92cb-c9de-60fae4764347@sentex.net>

> On Aug 25, 2021, at 4:59 AM, mike tancsa <mike@sentex.net> wrote:
>
> On 8/24/2021 4:53 PM, FreeBSD Security Advisories wrote:
>>
>> Branch/path        Hash            Revision
>> -------------------------------------------------------------------------
>> stable/13/         9d31ae318711    stable/13-n246940
>> releng/13.0/       2261c814b7fa    releng/13.0-n244759
>> stable/12/                         r370385
>> releng/12.2/                       r370396
>> -------------------------------------------------------------------------
>
>
> Hi All,
>
> Was reading the original advisory at
> https://www.google.com/url?q=https://www.openssl.org/news/secadv/20210824.txt&source=gmail-imap&ust=1630497552000000&usg=AOvVaw21BGr3aGIh9CKIH3efYzY4 and it says
>
> "OpenSSL versions 1.0.2y and below are affected by this [CVE-2021-3712]
> issue."
>
> Does it not then impact RELENG11 ?
>
> % openssl version
> OpenSSL 1.0.2u-freebsd 20 Dec 2019
>
> I know RELENG_11 support ends in about a month, but should it not be
> flagged ?

As we don't have a support contract with OpenSSL to get access to 1.0.2 patches, we could only roll the 1.1.1 patches.

Best,
Gordon
Hat: security-officer