[Librecmc-devel] CVE-2017-3737 - openssl

Robert Call bob at librecmc.org
Tue Dec 19 18:32:16 EST 2017


On Tue, 2017-12-19 at 07:41 -0900, Christopher Howard wrote:
> Hi, is librecmc still on openssl 1.0.2l? I think that 1.0.2l and
> 1.0.2m
> are affected by CVE-2017-3737. Probably you've already scheduled to
> patch that, but I thought I'd mention it just in case, since I hadn't
> seen in pop up in the git repository, and I knew you were planning
> another release shortly.
> 

Thanks for bringing this to our attention. Usually we do stay on top of
critical CVEs like this and (sadly) this slipped by. There are a lot of
things that we are still working on, including a better mechanism for
rolling out seamless updates. 

> I'm not sure if it helps at all to point out sec vulnerabilities, or
> if you guys are already combing the CVE's each morning.

In this case, it did help. With the year winding down and prepping v1.4.2 for release, it has been kind of hectic.
--
Robert Call (Bob)
bob at librecmc.org
https://librecmc.org



More information about the Librecmc-devel mailing list