On Tue, Mar 30, 2021 at 05:22:30PM +0200, Guido Falsi via freebsd-stable wrote:
No, as you can see in the commit in the official git [1], while for current and stable the new upstream version of openssl was imported, for the release the fix was applied without importing the new release and without changing the reported version of the library. So with 12.2p5 you do get the fix but don't get a new version of the library.

[1] https://cgit.freebsd.org/src/commit/?h=releng/12.2&id=af61348d61f51a88b438d41c3c91b56b2b65ed9b

On this URL, near the top, there's this: "Fix multiple OpenSSL vulnerabilities. Add UPDATING and bump version." Next to that, we have "releng/12.2". So, I'm expecting the version information pertaining to openssl to be bumped. Is this expectation unreasonable? I'm not a developer.
-- J.