On 8/25/2021 11:22 AM, Gordon Tetlow wrote: > Hi All, >> Was reading the original advisory at >> https://www.google.com/url?q=https://www.openssl.org/news/secadv/20210824.txt&source=gmail-imap&ust=1630497552000000&usg=AOvVaw21BGr3aGIh9CKIH3efYzY4 >> and it says >> >> "OpenSSL versions 1.0.2y and below are affected by this [CVE-2021-3712] >> issue." >> >> Does it not then impact RELENG11 ? >> >> % openssl version >> OpenSSL 1.0.2u-freebsd 20 Dec 2019 >> >> I know RELENG_11 support ends in about a month, but should it not be >> flagged ? > As we don't have a support contract with OpenSSL to get access to 1.0.2 > patches, we could only roll the 1.1.1 patches.
Hi Gordon, I was thinking more in terms of just a mention that RELENG_11 is indeed vulnerable, no ? ---Mike _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
