On Thu, Nov 3, 2022 at 5:54 AM Patrick Williams <[email protected]> wrote: > > On Tue, Nov 01, 2022 at 04:41:51PM -1000, Steve Sakoman wrote: > > From: Hitendra Prajapati <[email protected]> > > > > Upstream-Status: Backport from > > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b] > > Description: > > CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead > > to NULL encryption. > > Affects "openssl < 3.0.6" > > > > Signed-off-by: Hitendra Prajapati <[email protected]> > > Signed-off-by: Alexandre Belloni <[email protected]> > > (cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27) > > Signed-off-by: Steve Sakoman <[email protected]> > > Instead of picking up this patch, wouldn't it make a lot more sense to > go to 3.0.7 like we did with [1]? Since 3.0.7 contains a HIGH severity > CVE fix as well as the one mentioned here, it seems like we should get > that backported to both Langdale and Kirkstone quickly.
This patchset was tested and sent out for review prior to the 3.0.7 upgrade hitting master. Note that I have the 3.0.7 upgrade in the patches currently under test for both langdale and kirkstone: https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/langdale-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut If the langdale test succeeds I will include the 3.0.7 upgrade patch in the pull request for the above series (hopefully later today) Steve > 1. > https://lore.kernel.org/openembedded-core/[email protected]/ > > -- > Patrick Williams
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#172643): https://lists.openembedded.org/g/openembedded-core/message/172643 Mute This Topic: https://lists.openembedded.org/mt/94726924/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
