Ross, > > Presumably the list of affected packages is: > > - gnutls > > - openssl > > - nss > > There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling > SSLv3 didn't work"...). I think considering the situation we'd take the > upgrade for dizzy, even though we've frozen. Anyone volunteering to take > lead of upgrading dizzy to 1.0.1j and backporting the relevant patches to the > previous releases? (eg daisy is on 1.0.1g). > > Ross
Do you know if gnutls implements the SSLv3 protocol? I don't see any new security updates for gnutls (related to the SSLv3 vulnerability) ? /Sona -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
