On Wed, 9 Dec 2020 at 18:03, FreeBSD Security Advisories <security-advisor...@freebsd.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-20:33.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL NULL pointer de-reference > > Category: contrib > Module: openssl > Announced: 2020-12-08 > Affects: All supported versions of FreeBSD. > Corrected: 2020-12-08 18:28:49 UTC (stable/12, 12.2-STABLE) > 2020-12-08 19:10:40 UTC (releng/12.2, 12.2-RELEASE-p2) > 2020-12-08 19:10:40 UTC (releng/12.1, 12.1-RELEASE-p12) > CVE Name: CVE-2020-1971 > > Note: The OpenSSL project has published publicly available patches for > versions included in FreeBSD 12.x. This vulnerability is also known to > affect OpenSSL versions included in FreeBSD 11.4.
The fix has been backported by jkim@ to stable/11 in r368530: https://svnweb.freebsd.org/base?view=revision&revision=368530 It can be applied to a releng/11.4 Subversion checkout by executing (at the top of the checked-out tree): $ svn merge -c 368530 ^/stable/11 . I expect an updated advisory, including the 11.4 patch, to be released soon. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"