Hi Brad,
Openssl is already upgrade to 1.1.1d, so please help sync to the latest version.
https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-connectivity/openssl

Please let me know, if you need me to submit patch for this upgrading.

Thanks,
Kwin.

> Hi,
>
> Some openssl vulnerabilities are found by security scan on latest OpenBMC
> which is using openssl 1.1.1c
>
> CVE-2019-1549
> CVE-2019-1563
> CVE-2019-1547
>
> They are fixed in latest openssl version 1.1.1d.
>
> Do we have plan to upgrade openssl recently?
>
> Thanks

I don't think 1.1.1d has landed upstream yet.  If you update oe-core to
1.1.1d I will pick it up once it lands there.

-brad