[yocto] Truly scary SSL 3.0 vuln to be revealed soon:
Sona Sarmadi
sona.sarmadi at enea.com
Thu Oct 16 09:09:30 PDT 2014
Ross,
> > Presumably the list of affected packages is:
> > - gnutls
> > - openssl
> > - nss
>
> There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling
> SSLv3 didn't work"...). I think considering the situation we'd take the
> upgrade for dizzy, even though we've frozen. Anyone volunteering to take
> lead of upgrading dizzy to 1.0.1j and backporting the relevant patches to the
> previous releases? (eg daisy is on 1.0.1g).
>
> Ross
Do you know if gnutls implements the SSLv3 protocol? I don't see any new security updates for gnutls (related to the SSLv3 vulnerability) ?
/Sona
More information about the yocto
mailing list