> On Aug 25, 2021, at 4:59 AM, mike tancsa <mike at sentex.net> wrote:
>
> On 8/24/2021 4:53 PM, FreeBSD Security Advisories wrote:
>>
>> Branch/path Hash
Revision
>>
-------------------------------------------------------------------------
>> stable/13/ 9d31ae318711
stable/13-n246940
>> releng/13.0/ 2261c814b7fa
releng/13.0-n244759
>> stable/12/
r370385
>> releng/12.2/
r370396
>>
-------------------------------------------------------------------------
>
>
> Hi All,
>
> Was reading the original advisory at
>
https://www.google.com/url?q=https://www.openssl.org/news/secadv/20210824.txt&source=gmail-imap&ust=1630497552000000&usg=AOvVaw21BGr3aGIh9CKIH3efYzY4
and it says
>
> "OpenSSL versions 1.0.2y and below are affected by this
[CVE-2021-3712]
> issue."
>
> Does it not then impact RELENG11 ?
>
> % openssl version
> OpenSSL 1.0.2u-freebsd 20 Dec 2019
>
> I know RELENG_11 support ends in about a month, but should it not be
> flagged ?
As we don't have a support contract with OpenSSL to get access to 1.0.2
patches, we could only roll the 1.1.1 patches.
Best,
Gordon
Hat: security-officer