On 15 October 2014 16:31, Burton, Ross <ross.bur...@intel.com> wrote:
> There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including
> "disabling SSLv3 didn't work"...).  I think considering the situation
> we'd take the upgrade for dizzy, even though we've frozen.  Anyone
> volunteering to take lead of upgrading dizzy to 1.0.1j and backporting
> the relevant patches to the previous releases? (eg daisy is on
> 1.0.1g).

For anyone else interested, I've currently got 1.0.1j patches for
dizzy in testing.  There's been debate over whether we backport the
fixes to daisy's 1.0.1g, or upgrade as the number of fixes is
growing...

Ross
-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to