[yocto] openssl and heartbleed

Paul Eggleton paul.eggleton at linux.intel.com
Mon Apr 14 10:26:36 PDT 2014


On Monday 14 April 2014 16:41:21 Martin Jansa wrote:
> On Mon, Apr 14, 2014 at 02:37:52PM +0000, Richard Schmitt wrote:
> > Does the Yocto project plan to have some response to the heartbleed
> > exploit in openssl in the near term?  Has this already been addressed?
>
> It was already addressed for master, daisy, dora and dylan.

Specifically, for master and daisy (what will be the 1.6 release), OpenSSL was 
upgraded to 1.0.1g which includes the fix. For dora (1.5) and dylan (1.4) 
branches, the specific fix was backported as a patch on top of 1.0.1e.

We haven't yet had a point release of 1.4 or 1.5 that includes the fix. At this 
point given the nature of our project, I'm not sure if we would rush to do 
one. It's certainly likely we will have a 1.5 point release in the near future 
though.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre



More information about the yocto mailing list