All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Wang, Kuiying" <kuiying.wang@intel.com>
To: "openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>
Cc: "Xu, Qiang" <qiang.xu@intel.com>,
	"Jia, Chunhui" <chunhui.jia@intel.com>,
	 Brad Bishop <bradleyb@fuzziesquirrel.com>,
	"Mihm, James" <james.mihm@intel.com>,
	"Shi, Yilei" <yilei.shi@intel.com>
Subject: OpenBMC CVE issues in openssl
Date: Tue, 24 Sep 2019 02:25:56 +0000	[thread overview]
Message-ID: <959CAFA1E282D14FB901BE9A7BF4E7724E52C8BD@shsmsx102.ccr.corp.intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

Hi Brad,
Openssl is already upgrade to 1.1.1d, so please help sync to the latest version.
https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-connectivity/openssl

Please let me know, if you need me to submit patch for this upgrading.

Thanks,
Kwin.

> Hi,
>
> Some openssl vulnerabilities are found by security scan on latest OpenBMC
> which is using openssl 1.1.1c
>
> CVE-2019-1549
> CVE-2019-1563
> CVE-2019-1547
>
> They are fixed in latest openssl version 1.1.1d.
>
> Do we have plan to upgrade openssl recently?
>
> Thanks

I don't think 1.1.1d has landed upstream yet.  If you update oe-core to
1.1.1d I will pick it up once it lands there.

-brad


[-- Attachment #2: Type: text/html, Size: 5864 bytes --]

             reply	other threads:[~2019-09-24  2:26 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-24  2:25 Wang, Kuiying [this message]
2019-09-24  2:41 ` OpenBMC CVE issues in openssl Brad Bishop
2019-09-24  2:48   ` Wang, Kuiying
2019-09-24 11:11     ` Brad Bishop
2019-09-25  1:22       ` Wang, Kuiying
2020-05-07  7:43   ` openssl upgrade chunhui.jia
2020-05-07 16:54     ` openssl upgrade CVE-2020-1967 Joseph Reynolds
2020-05-08  0:27       ` chunhui.jia
  -- strict thread matches above, loose matches on Subject: below --
2019-09-18  6:05 OpenBMC CVE issues in openssl Xu, Qiang
2019-09-18 14:49 ` Brad Bishop

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=959CAFA1E282D14FB901BE9A7BF4E7724E52C8BD@shsmsx102.ccr.corp.intel.com \
    --to=kuiying.wang@intel.com \
    --cc=bradleyb@fuzziesquirrel.com \
    --cc=chunhui.jia@intel.com \
    --cc=james.mihm@intel.com \
    --cc=openbmc@lists.ozlabs.org \
    --cc=qiang.xu@intel.com \
    --cc=yilei.shi@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.