Hi Tim,

> Rather than backport, we should instead upgrade to 3.0.9
> https://www.cve.org/CVERecord?id=CVE-2023-0464
- Yes, upgrade is the ideal scenario we would be looking at. Even as per openssl.org the issue is solved in 3.0.9, 1.1.1u and 3.1.1, but those versions of OpenSSL (3.0.9, 3.1.1, 1.1.1u) are still under development and not yet released.
- I will definitely be keeping an eye out for those versions to be released and submit the version-up patches as soon as they are released, after checking API compatibility (which I feel won't be an issue).
- But, until those versions are released, this backport helps to patch a known CVE, and hence I submitted it.

Regards,
Siddharth