[Librecmc-devel] CVE-2017-3737 - openssl
christopher at alaskasi.com
Tue Dec 19 19:04:08 EST 2017
Thanks. It seems like you guys notice the vulnerabilities as quickly as
I do, but if it looks like an important one has gone unnoticed I'll let
On Tue, 2017-12-19 at 18:32 -0500, Robert Call wrote:
> On Tue, 2017-12-19 at 07:41 -0900, Christopher Howard wrote:
> > Hi, is librecmc still on openssl 1.0.2l? I think that 1.0.2l and
> > 1.0.2m
> > are affected by CVE-2017-3737. Probably you've already scheduled to
> > patch that, but I thought I'd mention it just in case, since I
> > hadn't
> > seen in pop up in the git repository, and I knew you were planning
> > another release shortly.
> Thanks for bringing this to our attention. Usually we do stay on top
> critical CVEs like this and (sadly) this slipped by. There are a lot
> things that we are still working on, including a better mechanism for
> rolling out seamless updates.
> > I'm not sure if it helps at all to point out sec vulnerabilities,
> > or
> > if you guys are already combing the CVE's each morning.
> In this case, it did help. With the year winding down and prepping
> v1.4.2 for release, it has been kind of hectic.
> Robert Call (Bob)
> bob at librecmc.org
> Librecmc-devel mailing list
> Librecmc-devel at lists.librecmc.org
Enterprise Solutions Manager
Alaska Satellite Internet
3239 La Ree Way
Fairbanks, Alaska 99709
personal web site: https://qlfiles.net
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: This is a digitally signed message part
More information about the Librecmc-devel