CVSROOT: /cvs Module name: ports Changes by: t...@cvs.openbsd.org 2023/10/24 09:24:49
Modified files: security/openssl/3.1: Makefile distinfo security/openssl/3.1/pkg: PLIST Log message: Update to OpenSSL 3.1.4 * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 Let's just say that the names are by far the most fortunate choice made in the design of these interfaces. Only one application is known to be affected by this and it's not in ports.