On Thu, Nov 03, 2022 at 06:28:04AM -1000, Steve Sakoman wrote:
> On Thu, Nov 3, 2022 at 5:54 AM Patrick Williams wrote:
> > Instead of picking up this patch, wouldn't it make a lot more sense to
> > go to 3.0.7 like we did with [1]? Since 3.0.7 contains a HIGH severity
> > CVE fix as well as the
On Thu, Nov 3, 2022 at 5:54 AM Patrick Williams wrote:
>
> On Tue, Nov 01, 2022 at 04:41:51PM -1000, Steve Sakoman wrote:
> > From: Hitendra Prajapati
> >
> > Upstream-Status: Backport from
> >
On Tue, Nov 01, 2022 at 04:41:51PM -1000, Steve Sakoman wrote:
> From: Hitendra Prajapati
>
> Upstream-Status: Backport from
> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
> Description:
> CVE-2022-3358 openssl: Using a Custom
From: Hitendra Prajapati
Upstream-Status: Backport from
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
Description:
CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to
NULL encryption.
Affects "openssl < 3.0.6"