<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type><!-- flashmail style begin -->
<STYLE type=text/css>
body {border-width:0;margin:0}
img {border:0;margin:0;padding:0}
</STYLE>
<BASE target=_blank><!-- flashmail style end -->
<META name=GENERATOR content="MSHTML 11.00.9600.19678"></HEAD>
<BODY
style="BORDER-LEFT-WIDTH: 0px; FONT-SIZE: 10.5pt; FONT-FAMILY: ΢ÈíÑźÚ; BORDER-RIGHT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; COLOR: #000000; MARGIN: 12px; LINE-HEIGHT: 1.5; BORDER-TOP-WIDTH: 0px"
marginheight="0" marginwidth="0">
<DIV>
<DIV class=modal-title>Brad,</DIV>
<DIV class=modal-title style="FONT-FAMILY: Times New Roman">There is a CVE
reported in openSSL 1.1.1d (used by current openbmc). Severity is high.
</DIV>
<DIV class=modal-title>
<TABLE id=flashmail_table_2
style="FONT-SIZE: 10pt; BORDER-TOP: medium none; BORDER-RIGHT: medium none; BORDER-COLLAPSE: collapse; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none"
borderColor=#000000 cellSpacing=0 cellPadding=2 border=1>
<CAPTION><SPAN
style="FONT-SIZE: 10.5pt; FONT-FAMILY: Times New Roman"></SPAN></CAPTION>
<TBODY>
<TR>
<TD
style="BORDER-TOP: #000000 1px solid; BORDER-RIGHT: #000000 1px solid; BORDER-BOTTOM: #000000 1px solid; BORDER-LEFT: #000000 1px solid"
width=874 noWrap><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: ΢ÈíÑźÚ">
<DIV>
<DIV class=modal-title style="FONT-FAMILY: Times New Roman"><A
href="https://nvd.nist.gov/vuln/detail/CVE-2020-1967"
rel="noopener noreferrer" target=_blank
data-original-title="See NVD description. Opens in new window."><SPAN
style="FONT-FAMILY: Times New Roman">CVE-2020-1967</SPAN></A>
<A href="https://nvd.nist.gov/vuln/detail/CVE-2020-1967"><SPAN
style="FONT-FAMILY: Times New Roman">https://nvd.nist.gov/vuln/detail/CVE-2020-1967</SPAN></A></DIV>
<DIV class=modal-title style="FONT-FAMILY: Times New Roman"> </DIV>
<DIV class=modal-title><SPAN style="FONT-FAMILY: Times New Roman"
data-v-3e891d48="">Server or client applications that call the
SSL_check_chain() function during or after a TLS 1.3 handshake may crash
due to a NULL pointer dereference as a result of incorrect handling of the
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid
or unrecognised signature algorithm is received from the peer. This could
be exploited by a malicious peer in a Denial of Service attack. OpenSSL
version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue
did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g
(Affected
1.1.1d-1.1.1f).</SPAN></DIV></DIV></SPAN></TD></TR></TBODY></TABLE></DIV>
<DIV class=modal-title><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px Times New Roman; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px"></SPAN><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px Times New Roman; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px"></SPAN> </DIV>
<DIV class=modal-title><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px Times New Roman; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px">It
is fixed in 1.1.1g. U</SPAN><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px Times New Roman; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px">pstream
recipe already point openssl to latest version (1.1.1g).</SPAN></DIV>
<DIV class=modal-title><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px 'Roboto Mono', Menlo, 'Lucida Console', Monaco, monospace; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px"><A
href="https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb"><FONT
face="Times New Roman"><SPAN
style="FONT-FAMILY: Times New Roman">https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb</SPAN></FONT></A></SPAN></DIV>
<DIV class=modal-title><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px Times New Roman; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px"></SPAN> </DIV>
<DIV class=modal-title><SPAN
style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; COLOR: rgb(33,33,33); FONT: 13px/18px Times New Roman; WIDOWS: 1; DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px">Will
you update poky subtree to latest?</SPAN></DIV></DIV></BODY></HTML>