FreeBSD Security Advisory FreeBSD-SA-21:16.openssl
mike tancsa
mike at sentex.net
Wed Aug 25 15:32:13 UTC 2021
On 8/25/2021 11:22 AM, Gordon Tetlow wrote:
> Hi All,
>> Was reading the original advisory at
>> https://www.google.com/url?q=https://www.openssl.org/news/secadv/20210824.txt&source=gmail-imap&ust=1630497552000000&usg=AOvVaw21BGr3aGIh9CKIH3efYzY4 and it says
>>
>> "OpenSSL versions 1.0.2y and below are affected by this [CVE-2021-3712]
>> issue."
>>
>> Does it not then impact RELENG11 ?
>>
>> % openssl version
>> OpenSSL 1.0.2u-freebsd 20 Dec 2019
>>
>> I know RELENG_11 support ends in about a month, but should it not be
>> flagged ?
> As we don't have a support contract with OpenSSL to get access to 1.0.2 patches, we could only roll the 1.1.1 patches.
Hi Gordon,
I was thinking more in terms of just a mention that RELENG_11 is
indeed vulnerable, no ?
---Mike
More information about the freebsd-security
mailing list