[OpenWrt-Devel] [PATCH] openssl: bump to 1.1.1d

Eneas Queiroz cotequeiroz at gmail.com
Sun Sep 22 21:29:07 EDT 2019


On Tue, Sep 17, 2019 at 10:52 AM Eneas U de Queiroz
<cotequeiroz at gmail.com> wrote:
>
> This version fixes 3 low-severity vulnerabilities:
>
> - CVE-2019-1547: ECDSA remote timing attack
> - CVE-2019-1549: Fork Protection
> - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
>                  CMS_decrypt_set1_pkey
>
> Patches were refreshed.
>
> Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>
>
> --
> Run-tested on WRT3200ACM, mvebu, running openwrt master, using uhttpd,
> nginx, openssl-util, and uclient-fetch; devcrypto engine specifically
> tested.
>
> This should be cherry-picked to openwrt-19.07 as well.
>

Can someone please cherry pick this to 19.07:
d868d0a5d7e1d76bb1a8980346d222fae55fa18b

If I should rather send a proper patch to list, please let me know.

BR

Eneas

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list