On Tue, Nov 01, 2022 at 04:41:51PM -1000, Steve Sakoman wrote:
> From: Hitendra Prajapati
>
> Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
> Description:
> CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
> Affects "openssl < 3.0.6"
>
> Signed-off-by: Hitendra Prajapati
> Signed-off-by: Alexandre Belloni
> (cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
> Signed-off-by: Steve Sakoman

Instead of picking up this patch, wouldn't it make a lot more sense to go to 3.0.7 like we did with [1]? Since 3.0.7 contains a HIGH severity CVE fix as well as the one mentioned here, it seems like we should get that backported to both Langdale and Kirkstone quickly.

1. https://lore.kernel.org/openembedded-core/20221101170310.2740317-1-edtanous@google.com/

--
Patrick Williams