[OE-core] [PATCH] OpenSSL: SSLv3 POODLE vulnerability (CVE-2014-3566)
Sona Sarmadi
sona.sarmadi at enea.com
Thu Oct 16 06:11:17 UTC 2014
>
> Sona,
>
> Does it make more sense to update to 1.0.1j directly (I know it's late in the
> 1.7 release cycle), but given there are 3 other CVEs fixed in 'j'
> along with some other fixes. People may look more at the version that is
> part of 1.7 than the back ported fixes.
>
> Please review the changes for 1.0.1j it may be a better approach even at this
> late stage.
>
> Sau!
Hi Saul,
I didn't get any comment on https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843 so I don't know what is the best approach for 1.7 .
You guys decide what to do for 1.7 :) I will re-send the patch for daisy.
I have patch for the other three CVEs as well, I am running some tests, when I am finished I will send all 4 patches.
Please ignore this one.
/Sona
More information about the Openembedded-core
mailing list