On 15 October 2014 16:31, Burton, Ross <ross.bur...@intel.com> wrote: > There's a openssl 1.0.1j out now (fixing FOUR (!) CVEs, including > "disabling SSLv3 didn't work"...). I think considering the situation > we'd take the upgrade for dizzy, even though we've frozen. Anyone > volunteering to take lead of upgrading dizzy to 1.0.1j and backporting > the relevant patches to the previous releases? (eg daisy is on > 1.0.1g).
For anyone else interested, I've currently got 1.0.1j patches for dizzy in testing. There's been debate over whether we backport the fixes to daisy's 1.0.1g, or upgrade as the number of fixes is growing... Ross -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
