12796 – Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967

Bug 12796 - Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967

Summary: Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967

Status:	RESOLVED FIXED

Alias:	None

Product:	buildroot
Classification:	Unclassified
Component:	Outdated package (show other bugs)
Version:	2020.02.1
Hardware:	All Linux

Importance:	P5 critical
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-04-21 20:55 UTC by Pete Morici
Modified:	2020-04-22 05:09 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pete Morici 2020-04-21 20:55:44 UTC

See:
    https://www.openssl.org/news/secadv/20200421.txt

Recent versions of Buildroot use version 1.1.1f

Comment 1 Thomas Petazzoni 2020-04-22 05:09:24 UTC

Thanks, it's already fixed by https://git.buildroot.org/buildroot/commit/?id=849aee4f8805cce89376c0cd1ce23721436a90ac. As it is a security bump, it will be backported to our 2020.02.x LTS branch.