[yocto] Truly scary SSL 3.0 vuln to be revealed soon:
Burton, Ross
ross.burton at intel.com
Wed Oct 15 08:31:55 PDT 2014
On 15 October 2014 11:07, Burton, Ross <ross.burton at intel.com> wrote:
> Presumably the list of affected packages is:
> - gnutls
> - openssl
> - nss
There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including
"disabling SSLv3 didn't work"...). I think considering the situation
we'd take the upgrade for dizzy, even though we've frozen. Anyone
volunteering to take lead of upgrading dizzy to 1.0.1j and backporting
the relevant patches to the previous releases? (eg daisy is on
1.0.1g).
Ross
More information about the yocto
mailing list