> On Oct 23, 2024, at 12:26 PM, Daniel Engberg <[email protected]> wrote:
>
> Hi,
>
> I just had a quick look at contrib and found the following:
>
> OpenSSL should probably be updated due to
> https://openssl-library.org/news/secadv/20241016.txt
>
> Not imported as far as I can tell
>
> expat(2) should probably be updated due to
> https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
>
> Committed in main as of ffd294a1f4c23863c3e515d16dce31d5509bcb01

Hi Daniel,
I see that you posted this over 2 months ago, but I wanted to get back
to you since no one did...
- Xin Li took care of the 2.6.4 update / MFC of my changes.
- CVE-2024-9143 is a low severity OpenSSL CVE (the CVE sounds like it’s
not likely to trigger in the wild due to a combination of reasons). If I was
re@, I’d personally like to see it rolled into an actual OpenSSL release first
before taking the change into a FreeBSD release so close to the actual FreeBSD
release, or have it be rolled into main and get some wall time first.
I’ll see if I can do something about the CVE, since my group already
tried addressing it [upstream].
Cheers,
-Enji
