Date: Fri, 11 Dec 2020 12:14:42 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <20201211121442.1062671e@fabiankeil.de> In-Reply-To: <0ccfbeb4-c4e1-53e6-81e8-112318cd9bf1@netfence.it> References: <20201209230300.03251CA1@freefall.freebsd.org> <0ccfbeb4-c4e1-53e6-81e8-112318cd9bf1@netfence.it>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Andrea Venturoli <ml@netfence.it> wrote on 2020-12-11: > On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: > > > Note: The OpenSSL project has published publicly available patches for > > versions included in FreeBSD 12.x. This vulnerability is also known to > > affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL > > project is only giving patches for that version to premium support contract > > holders. The FreeBSD project does not have access to these patches and > > recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage > > up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project > > may update this advisory to include FreeBSD 11.4 should patches become > > publicly available. > > So I'm looking for suggestion on how to handle this. > I guess I'll just upgrade some 11.4 to 12.2 and that'll be it. The fix was already backported to stable/11 so it's now "publicly available": https://svnweb.freebsd.org/base?view=revision&revision=368530 I expect that releng/11.4 will receive the fix in the near future. Fabian [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTKUNd6H/m3+ByGULIFiohV/3dUnQUCX9NUogAKCRAFiohV/3dU nUy/AKCguZmaH22xeLW+4Qm/LT5KQJoDdQCcDHmAsS8397iP0voh1RuyuauDFHo= =iydC -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201211121442.1062671e>