FreeBSD Security Advisory FreeBSD-SA-21:16.openssl
Gordon Tetlow
gordon at tetlows.org
Wed Aug 25 15:22:56 UTC 2021
> On Aug 25, 2021, at 4:59 AM, mike tancsa <mike at sentex.net> wrote:
>
> On 8/24/2021 4:53 PM, FreeBSD Security Advisories wrote:
>>
>> Branch/path Hash Revision
>> -------------------------------------------------------------------------
>> stable/13/ 9d31ae318711 stable/13-n246940
>> releng/13.0/ 2261c814b7fa releng/13.0-n244759
>> stable/12/ r370385
>> releng/12.2/ r370396
>> -------------------------------------------------------------------------
>
>
> Hi All,
>
> Was reading the original advisory at
> https://www.google.com/url?q=https://www.openssl.org/news/secadv/20210824.txt&source=gmail-imap&ust=1630497552000000&usg=AOvVaw21BGr3aGIh9CKIH3efYzY4 and it says
>
> "OpenSSL versions 1.0.2y and below are affected by this [CVE-2021-3712]
> issue."
>
> Does it not then impact RELENG11 ?
>
> % openssl version
> OpenSSL 1.0.2u-freebsd 20 Dec 2019
>
> I know RELENG_11 support ends in about a month, but should it not be
> flagged ?
As we don't have a support contract with OpenSSL to get access to 1.0.2 patches, we could only roll the 1.1.1 patches.
Best,
Gordon
Hat: security-officer
More information about the freebsd-security
mailing list