[OE-core] Truly scary SSL 3.0 vuln to be revealed soon:

[Burton, Ross]

On 15 October 2014 16:31, Burton, Ross <ross.burton at intel.com> wrote:
> There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including
> "disabling SSLv3 didn't work"...).  I think considering the situation
> we'd take the upgrade for dizzy, even though we've frozen.  Anyone
> volunteering to take lead of upgrading dizzy to 1.0.1j and backporting
> the relevant patches to the previous releases? (eg daisy is on
> 1.0.1g).

For anyone else interested, I've currently got 1.0.1j patches for
dizzy in testing.  There's been debate over whether we backport the
fixes to daisy's 1.0.1g, or upgrade as the number of fixes is
growing...

Ross