Hi Brad,

Openssl is already upgrade to 1.1.1d, so please help sync to the latest version.

https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-connectivity/openssl

 

Please let me know, if you need me to submit patch for this upgrading.

 

Thanks,

Kwin.

 

> Hi,

> 

> Some openssl vulnerabilities are found by security scan on latest OpenBMC 

> which is using openssl 1.1.1c

> 

> CVE-2019-1549

> CVE-2019-1563

> CVE-2019-1547

> 

> They are fixed in latest openssl version 1.1.1d.

> 

> Do we have plan to upgrade openssl recently?

> 

> Thanks

 

I don’t think 1.1.1d has landed upstream yet.  If you update oe-core to 

1.1.1d I will pick it up once it lands there.

 

-brad