On 02/12/2018 11:08 PM, robert_jos...@selinc.com wrote:
I'm working with the pyro release, and noticed that it's still using
openssl 1.0.2k. The latest version in the 1.0.2 series is 1.0.2n, which is
already available on master. Is there a reason that the newer version
hasn't made it back to pyro (or rocko, which is on 1.0.2m)? I know new
package versions are not normally backported, but looking at the change
log, I only see one change mentioned that is not a CVE fix (the 1.0.2l
release): > I can send patches to bring 1.0.2n to rocko and pyro if they will be

Yes please. The reason is that users of stable releases should take care of them too; the core team does not have the resources to do it for the users.

Openembedded-core mailing list

Reply via email to