-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Siddharth via lists.openembedded.org
Sent: Sunday, June 2, 2024 18:45
To: [email protected]
Cc: Siddharth Doshi <[email protected]>
Subject: [OE-core][kirkstone][PATCH] openssl: Security fix for CVE-2024-4741

> From: Siddharth Doshi <[email protected]>
>
> Upstream-Status: Backport from
> [https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397]

Nitpick: above commit link references commit for CVE-2024-4603 (copy+paste error).

The main problem of this patch (and the same patch for scarthgap) is that it's picking only one out of 5 commits referencing this CVE.
At least https://github.com/openssl/openssl/commit/2d05959073c4bf8803401668b9df85931a08e020 needs to be picked.
But ideally also the remaining 3 which extend tests should be picked to verify these changes in ptest.
https://github.com/openssl/openssl/commit/6fef334f914abfcd988e53a32d19f01d84529f74
https://github.com/openssl/openssl/commit/1359c00e683840154760b7ba9204bad1b13dc074
https://github.com/openssl/openssl/commit/d095674320c84b8ed1250715b1dd5ce05f9f267b

Peter

>
> CVE's Fixed:
> CVE-2024-4741:Use After Free with SSL_free_buffers
>
> Signed-off-by: Siddharth Doshi <[email protected]>
