Date: Wed, 25 Aug 2021 11:32:11 -0400
From: mike tancsa <mike@sentex.net>
To: Gordon Tetlow <gordon@tetlows.org>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:16.openssl
Message-ID: <c63f05fa-b710-e577-845e-c019c08de4df@sentex.net>
In-Reply-To: <A032A5CA-9FF3-4DBE-A4AD-8AE20B48544D@tetlows.org>
References: <20210824205300.305BF72EF@freefall.freebsd.org> <44434c22-51c6-92cb-c9de-60fae4764347@sentex.net> <A032A5CA-9FF3-4DBE-A4AD-8AE20B48544D@tetlows.org>

On 8/25/2021 11:22 AM, Gordon Tetlow wrote:
> Hi All,
>> Was reading the original advisory at
>> https://www.google.com/url?q=https://www.openssl.org/news/secadv/20210824.txt&source=gmail-imap&ust=1630497552000000&usg=AOvVaw21BGr3aGIh9CKIH3efYzY4 and it says
>>
>> "OpenSSL versions 1.0.2y and below are affected by this [CVE-2021-3712]
>> issue."
>>
>> Does it not then impact RELENG11 ?
>>
>> % openssl version
>> OpenSSL 1.0.2u-freebsd 20 Dec 2019
>>
>> I know RELENG_11 support ends in about a month, but should it not be
>> flagged ?
> As we don't have a support contract with OpenSSL to get access to 1.0.2 patches, we could only roll the 1.1.1 patches.

Hi Gordon,

I was thinking more in terms of just a mention that RELENG_11 is indeed vulnerable, no ?

---Mike