openssl advisories
Herbert J. Skuhra
herbert at gojira.at
Wed Feb 24 09:25:04 UTC 2021
On Wed, Feb 24, 2021 at 09:34:53AM +0100, Andrea Venturoli wrote:
> Hello.
>
> I saw OpenSSL has published some security updates last week, which some
> other OSes have already provided updated packages for.
> So I was kinda expecting a batch of security advisories for FreeBSD in these
> days.
> I was surprised, however, to see nothing openssl related coming.
>
> Are we not affected? Is such an SA expected in a few days?
>
> I'd just hate to begin upgrading every system and need to start over again
> before I even finish :)
- current has openssl-1.1.1j.
- stable/12 and stable/13 have openssl-1.1.1j.
- stable/11 has backported patches. CVE-2021-23839 unpatched?
- releng/13.0 has openssl-1.1.1j.
- releng/12.2 has openssl-1.1.1h and is obviously unpatched
(CVE-2021-23840 and CVE-2021-23841):
https://cgit.freebsd.org/src/log/crypto/openssl?h=releng/12.2
- the openssl port (head and 2021Q1) has openssl-1.1.1j
Yes, the information is missing at
https://www.freebsd.org/security/advisories/
--
Herbert
More information about the freebsd-questions
mailing list