Date: Mon, 14 Dec 2020 11:34:32 -0500 From: Ed Maste <emaste@freebsd.org> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <CAPyFy2Cru%2B8B9L2AZ%2BFDRR8qb4FhN9cdE6vWasu2jbX5KgQ8Hw@mail.gmail.com> In-Reply-To: <20201209230300.03251CA1@freefall.freebsd.org> References: <20201209230300.03251CA1@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Dec 2020 at 18:03, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-20:33.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL NULL pointer de-reference > > Category: contrib > Module: openssl > Announced: 2020-12-08 > Affects: All supported versions of FreeBSD. > Corrected: 2020-12-08 18:28:49 UTC (stable/12, 12.2-STABLE) > 2020-12-08 19:10:40 UTC (releng/12.2, 12.2-RELEASE-p2) > 2020-12-08 19:10:40 UTC (releng/12.1, 12.1-RELEASE-p12) > CVE Name: CVE-2020-1971 > > Note: The OpenSSL project has published publicly available patches for > versions included in FreeBSD 12.x. This vulnerability is also known to > affect OpenSSL versions included in FreeBSD 11.4. The fix has been backported by jkim@ to stable/11 in r368530: https://svnweb.freebsd.org/base?view=revision&revision=368530 It can be applied to a releng/11.4 Subversion checkout by executing (at the top of the checked-out tree): $ svn merge -c 368530 ^/stable/11 . I expect an updated advisory, including the 11.4 patch, to be released soon.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2Cru%2B8B9L2AZ%2BFDRR8qb4FhN9cdE6vWasu2jbX5KgQ8Hw>