From: Zhenhua Luo <zhenhua.luo@nxp.com>
To: Sona Sarmadi <sona.sarmadi@enea.com>
Cc: "meta-freescale@yoctoproject.org" <meta-freescale@yoctoproject.org>
Subject: Re: meta-fsl-ppc in krogoth branch is using a vulnerable version of OpenSSL (openssl_1.0.1i).
Date: Tue, 27 Sep 2016 10:10:07 +0000 [thread overview]
Message-ID: <DB6PR0401MB26308C7020FAB81593F83BEFEECC0@DB6PR0401MB2630.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <3230301C09DEF9499B442BBE162C5E48ABE4297B@SESTOEX04.enea.se>
[-- Attachment #1: Type: text/plain, Size: 1964 bytes --]
Hi Sona,
Is it possible to backport the vulnerability patches for openssl_1.0.1i directly? This version is fully verified by our testing.
Best Regards,
Zhenhua
From: meta-freescale-bounces@yoctoproject.org [mailto:meta-freescale-bounces@yoctoproject.org] On Behalf Of Sona Sarmadi
Sent: Tuesday, September 27, 2016 2:10 PM
To: meta-freescale@yoctoproject.org
Subject: [meta-freescale] meta-fsl-ppc in krogoth branch is using a vulnerable version of OpenSSL (openssl_1.0.1i).
Hi guys
meta-fsl-ppc/recipes-connectivity/openssl in krogoth is using a vulnerable version of OpenSSL (openssl_1.0.1i).
OpenSSL recommends 1.0.1 users to upgrade to 1.0.1u version:
https://www.openssl.org/news/secadv/20160922.txt
Can we upgrade openssl version or do you prefer to keep this version? In this case I can try to backport individual patches if possible.
Regards
//Sona
---------------------------------------
Sona Sarmadi
Security Responsible for Enea Linux/
GPG Fingerprint: 444F A5E9 CDC6 4620 85C7 2CA9 60FF AF33 15BD 5928
Enea Software AB
Jan Stenbecks Torg 17
P.O Box 1033
SE-164 26 Kista, Sweden
Phone +46 70 971 4475
www.enea.com<www.enea.com%20>
This message, including attachments, is CONFIDENTIAL. It may also be privileged or otherwise protected by law. If you received this email by mistake
please let us know by reply and then delete it from your system; you should not copy it or disclose its contents to anyone. All messages sent to and from
Enea may be monitored to ensure compliance with internal policies and to protect our business. Emails are not secure and cannot be guaranteed to be
error free as they can be intercepted, a mended, lost or destroyed, or contain viruses. The sender therefore does not accept liability for any errors or
omissions in the contents of this message, which arise as a result of email transmission. Anyone who communicates with us by email accepts these risks.
[-- Attachment #2: Type: text/html, Size: 9301 bytes --]
next prev parent reply other threads:[~2016-09-27 10:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-27 6:10 meta-fsl-ppc in krogoth branch is using a vulnerable version of OpenSSL (openssl_1.0.1i) Sona Sarmadi
2016-09-27 10:10 ` Zhenhua Luo [this message]
2016-09-28 6:22 ` Sona Sarmadi
2016-09-28 10:49 ` Sona Sarmadi
2016-09-29 3:07 ` Zhenhua Luo
2016-09-29 6:41 ` Sona Sarmadi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DB6PR0401MB26308C7020FAB81593F83BEFEECC0@DB6PR0401MB2630.eurprd04.prod.outlook.com \
--to=zhenhua.luo@nxp.com \
--cc=meta-freescale@yoctoproject.org \
--cc=sona.sarmadi@enea.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.