New openssl version was released 2 hours ago, I have sent an update which should make this patch obsolete. Peter
-----Original Message----- From: [email protected] <[email protected]> On Behalf Of Narpat Mali via lists.openembedded.org Sent: Tuesday, August 1, 2023 18:06 To: [email protected] Cc: [email protected] Subject: [OE-core][kirkstone][PATCH 1/1] openssl: fix for CVE-2023-2975 & CVE-2023-3446 > > From: Narpat Mali <[email protected]> > > CVE-2023-2975: AES-SIV implementation ignores empty associated data entries > https://nvd.nist.gov/vuln/detail/CVE-2023-2975 > > CVE-2023-3446: Excessive time spent checking DH keys and parameters > https://nvd.nist.gov/vuln/detail/CVE-2023-3446 > > Have also tested openssl ptest with both the CVE patches and it has been > successfully passed. > > Signed-off-by: Narpat Mali <[email protected]>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185257): https://lists.openembedded.org/g/openembedded-core/message/185257 Mute This Topic: https://lists.openembedded.org/mt/100486982/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
