[Librecmc-devel] CVE-2017-3737 - openssl

Christopher Howard christopher at alaskasi.com
Tue Dec 19 19:04:08 EST 2017

Thanks. It seems like you guys notice the vulnerabilities as quickly as
I do, but if it looks like an important one has gone unnoticed I'll let
you know.

On Tue, 2017-12-19 at 18:32 -0500, Robert Call wrote:
> On Tue, 2017-12-19 at 07:41 -0900, Christopher Howard wrote:
> > Hi, is librecmc still on openssl 1.0.2l? I think that 1.0.2l and
> > 1.0.2m
> > are affected by CVE-2017-3737. Probably you've already scheduled to
> > patch that, but I thought I'd mention it just in case, since I
> > hadn't
> > seen in pop up in the git repository, and I knew you were planning
> > another release shortly.
> > 
> Thanks for bringing this to our attention. Usually we do stay on top
> of
> critical CVEs like this and (sadly) this slipped by. There are a lot
> of
> things that we are still working on, including a better mechanism for
> rolling out seamless updates. 
> > I'm not sure if it helps at all to point out sec vulnerabilities,
> > or
> > if you guys are already combing the CVE's each morning.
> In this case, it did help. With the year winding down and prepping
> v1.4.2 for release, it has been kind of hectic.
> --
> Robert Call (Bob)
> bob at librecmc.org
> https://librecmc.org
> _______________________________________________
> Librecmc-devel mailing list
> Librecmc-devel at lists.librecmc.org
> https://lists.librecmc.org/mailman/listinfo/librecmc-devel
Christopher Howard
Enterprise Solutions Manager
Alaska Satellite Internet
3239 La Ree Way
Fairbanks, Alaska 99709
personal web site: https://qlfiles.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.librecmc.org/pipermail/librecmc-devel/attachments/20171219/721c9890/attachment.sig>

More information about the Librecmc-devel mailing list