On 15 October 2014 11:07, Burton, Ross <ross.bur...@intel.com> wrote: > Presumably the list of affected packages is: > - gnutls > - openssl > - nss
There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling SSLv3 didn't work"...). I think considering the situation we'd take the upgrade for dizzy, even though we've frozen. Anyone volunteering to take lead of upgrading dizzy to 1.0.1j and backporting the relevant patches to the previous releases? (eg daisy is on 1.0.1g). Ross -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
