Andrea Venturoli <m...@netfence.it> wrote on 2020-12-11: > On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: > > > Note: The OpenSSL project has published publicly available patches for > > versions included in FreeBSD 12.x. This vulnerability is also known to > > affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL > > project is only giving patches for that version to premium support contract > > holders. The FreeBSD project does not have access to these patches and > > recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage > > up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project > > may update this advisory to include FreeBSD 11.4 should patches become > > publicly available. > > So I'm looking for suggestion on how to handle this. > I guess I'll just upgrade some 11.4 to 12.2 and that'll be it.
The fix was already backported to stable/11 so it's now "publicly available": https://svnweb.freebsd.org/base?view=revision&revision=368530 I expect that releng/11.4 will receive the fix in the near future. Fabian
pgpW1Wp6QrP6r.pgp
Description: OpenPGP digital signature