Date: Fri, 11 Dec 2020 12:14:42 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <20201211121442.1062671e@fabiankeil.de> In-Reply-To: <0ccfbeb4-c4e1-53e6-81e8-112318cd9bf1@netfence.it> References: <20201209230300.03251CA1@freefall.freebsd.org> <0ccfbeb4-c4e1-53e6-81e8-112318cd9bf1@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_//ciArv_5W.mpuyk+tBE4fSZ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Andrea Venturoli <ml@netfence.it> wrote on 2020-12-11: > On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: >=20 > > Note: The OpenSSL project has published publicly available patches for > > versions included in FreeBSD 12.x. This vulnerability is also known to > > affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL > > project is only giving patches for that version to premium support cont= ract > > holders. The FreeBSD project does not have access to these patches and > > recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leve= rage > > up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Pro= ject > > may update this advisory to include FreeBSD 11.4 should patches become > > publicly available. >=20 > So I'm looking for suggestion on how to handle this. > I guess I'll just upgrade some 11.4 to 12.2 and that'll be it. The fix was already backported to stable/11 so it's now "publicly available= ": https://svnweb.freebsd.org/base?view=3Drevision&revision=3D368530 I expect that releng/11.4 will receive the fix in the near future. Fabian --Sig_//ciArv_5W.mpuyk+tBE4fSZ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTKUNd6H/m3+ByGULIFiohV/3dUnQUCX9NUogAKCRAFiohV/3dU nUy/AKCguZmaH22xeLW+4Qm/LT5KQJoDdQCcDHmAsS8397iP0voh1RuyuauDFHo= =iydC -----END PGP SIGNATURE----- --Sig_//ciArv_5W.mpuyk+tBE4fSZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201211121442.1062671e>