[yocto] Truly scary SSL 3.0 vuln to be revealed soon:
Sona Sarmadi
sona.sarmadi at enea.com
Thu Oct 16 04:04:10 PDT 2014
Hi Ross
> There's an openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling
> SSLv3 didn't work"...). I think considering the situation we'd take the
> upgrade for dizzy, even though we've frozen. Anyone volunteering to take
> lead of upgrading dizzy to 1.0.1j and backporting the relevant patches to the
> previous releases? (eg daisy is on 1.0.1g).
>
> Ross
Sorry, I missed this, I am preparing patches for daisy. I have sent two patches to the OE-core list for daisy and I will send two more. Do those two patches look ok?
I have built core-image-minimal for qemuarm and booted. I haven't done more tests to verify the fixes. I will search and see if I can find suitable tests so we can run proper tests at the end after applying all patches.
-- Sona