From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 08 Feb 2023 11:36:35 +0100 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1pPhob-000SrB-4B for lore@lore.pengutronix.de; Wed, 08 Feb 2023 11:36:35 +0100 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1pPhoZ-00058k-28; Wed, 08 Feb 2023 11:36:35 +0100 Received: from mail-am6eur05on2086.outbound.protection.outlook.com ([40.107.22.86] helo=EUR05-AM6-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pPhoG-00058a-QP for ptxdist@pengutronix.de; Wed, 08 Feb 2023 11:36:17 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RFF1EtvTYHaVGgKwYfw+Eov2apxHgrMjrjISrF+t4/9lVMMMwCZXTi3tK4i130b3NL45uoYl40U5Vw7InehXYv6ThzEzQtH0DspMA5PFdlpSUObaHF9TrElQlXdL6+KJuE3WJ8mRIVA7yQY6ip5z+LUE2Lf1RuDffxSdLY9HXf18/WKG/HbY9fz4qDCIlRa5Tha8SA1r5H9+e0Fu3wrioSR9Shqq0x2pgfuxyPXYqwJimGHT6hTuz96Q8Yaas2Ogmo9QAwWctr21Oa3/U4jS03rlW+fE1Flfm3YiPZH7OdAsu/364NgNLQn8rUDSZSxWrtfR5s3+HPt1lE3t+IYxAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x5Yp8oDPdralFlKKHagJvmC7vRHnMOzZR/FujPnzwLI=; b=SJ48YslOQKr260cPBCRvprZPhtB3E+BV1yu+FReoly7PWdBppjD3S7iJ1cJ9ZnxXudhk6B/wKewWq0fg9v1SfuMvOo8wqWxIa+RP/tUi6g6Ielv0f7pAfMtYVeU2vqF6TrpE6FqaUB8bfkPJIh5pAZjjEUWJruUxWFfNRo1oo2vVyVQynHqkBG5MxAJKT78jVjQmOLdKwNDYm8PVX13V9ldPgpq/9wLc+rFZ+d/zrSoO7pt6z9RkP3VvICfcA73QcKjaSH1fTxoZBiceOYJIEV31N6UGyq5o2au3Kzn+VbL/0QMGLpUrE6rGU2DTGWxdGs+oWWyfdDyIeNcmaXUSTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x5Yp8oDPdralFlKKHagJvmC7vRHnMOzZR/FujPnzwLI=; b=K65D1JwoI+vcdpIeGPyWD8mvcii8+YgIzARQu/tv4Do81Xe1uUgA/LXOvXp7Lly+pZKixJWkHVhWnoqAGRb4ficm0E5SQDVPzAk+iWP12D/DJDuB1Fj3p7JrKDDA4Cy094pXuu68dG51ro9l/ZKv4URX0DztAbNjIOlYs53jbQo= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DB9P251MB0404.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:326::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.17; Wed, 8 Feb 2023 10:36:13 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::d8cf:bdbe:3526:aa50]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::d8cf:bdbe:3526:aa50%5]) with mapi id 15.20.6064.034; Wed, 8 Feb 2023 10:36:13 +0000 Message-ID: Date: Wed, 8 Feb 2023 11:35:47 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Content-Language: en-US To: oss-lists@triops.cz References: <20230208080107.2504460-1-christian.melki@t2data.com> From: Christian Melki In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: GVYP280CA0032.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f9::12) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DB9P251MB0404:EE_ X-MS-Office365-Filtering-Correlation-Id: b68ee41b-d13c-4ed4-8a14-08db09c04d1b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NIGmQXSMmDyJVCLq93Zwzx/s/wGiJANaRbLJ0IJKhR7ljp67J4LmYxL//f4U9wG+L8CVcZ12bFCaq4uDTBoYnR2YBYSrkBNUWc/ddjf7LZuUIxcG3HWfnWzJV1hyiJxy+Oyc5mZBsPXmKOWEbqqHihCSfd+o9xgUQZSMearK/vDQnsZY2AATrohwXrFbDuYCBap/gd7wGJMlS5Q82C29kmXwNX0nT4Z4zO4UQHV7lL/WFqfLRBpD/mHDkivKBaQ2+W//y77/jF0f2ouQ2V7Ps0zDtDi7LJBT2lZiM/yBhvK+NPkpdtrroG14QwNFhpcqON8u0ee+vcszpT3BuXluFA/c10lWYlQ770r89sW3ZN0yVgzwDYJ1u11C7u+oAUj6KOkhSGHSuHstEI4z1LotcZ80HRzagz9vwqXKijRVEly7QWDcuiY7dMEwrfjNT+wR8nsJg8SuFQTXe5uuaBJxMGIRbqYBg8dIywKET7zJm/P/WNJ93L2pfFlpXpn4CD5e9dsZJyo8YyU9uOwMcFEbSrwCcuubYBwlZ+hnFpOF6QGWexjzIaz4zj5k5vR0HsrI0y13K/lcdZEHVEuAYP8EMYzQ0xgOWNl7f+Qqg9p8NNHxqrZJx3kLdjLKD9D7VQGbkHx4TbjvGprWOmFlIWf3A7JK++AF22s9WiXvIuHJ7pQpRjqt52eadKqRpyjgP7Ydyo3JfYmawORx6QAujelEOdjeG12n40GC5kB5g7IJ5M88yaH3E2Mt+s8Sss3IhBhO X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230025)(396003)(366004)(39830400003)(346002)(136003)(376002)(451199018)(44832011)(4744005)(26005)(6512007)(186003)(966005)(6486002)(478600001)(41300700001)(38100700002)(31696002)(66556008)(66946007)(8676002)(4326008)(6916009)(66476007)(8936002)(6506007)(6666004)(86362001)(36756003)(53546011)(5660300002)(316002)(83380400001)(31686004)(2616005)(2906002)(45980500001)(43740500002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RlRvbS9iSmYxbk1PMUZnL1JsNHhJQTFPSGExeVEvWlJqU3dYbmE3RHd2TW1l?= =?utf-8?B?WnNvVGVXcVc3UENPQ1o4dXFVVTlncVF4eTZUTU90ODFaQUZBeG9VQVI3c2hI?= =?utf-8?B?VnJKWGI3SHdPL3NPWDU5UVRyMUc2bjRIM0lOTU9uR1RDQ0Rsc0tzcTFuS1Vy?= =?utf-8?B?cWVXS0RBR1p0a3R2ejVBaDBIOXJPOHgxOUNNOHVXbCtseXh6bmFGbkR4a3Ro?= =?utf-8?B?emxPRjN4VFgrN0tQcUQxL2Y0ak0xRFVwRm9xWFFlZTJVRHV2MlJ2Sm4zUXNS?= =?utf-8?B?eW5hQUZVZmViVGp1aEhOMktuMFAvWlFRZnFreTM2ZFY3eDBVazJDQTdsai9m?= =?utf-8?B?L050Z3dZWXovaUlTODBhcFZnNkg5WVZhaHM0b3luUkpUT3crZXVhaEZUSlEv?= =?utf-8?B?dWswQnJ2MzhDSWxvR0F5aXFBRkpBOTRRTk1LUUJVTDgwKzFHMHNJemtpRnBp?= =?utf-8?B?aWtXWFFTNm94RDhlR1d0ajVuUHFOQ2RYZzBNV3dGQ0tHNkRtY28vUlA5WHVL?= =?utf-8?B?cStTZERoYmROV3E3aFZjNm1ES3lsUTlqajlOWXJsN3A4ckt4UW5GVmZVOHZ2?= =?utf-8?B?dUxJMkFZcWsweDhxNW5hTDhhbE1xdnF4ZkZjNmx3RWtCcEMydGcwQzMrSitz?= =?utf-8?B?NkxMdGQxcXgvcnhocUpMZHl5WlVwTlpkOG9Ua2J5d045ODUyMjZqbDZId0l0?= =?utf-8?B?UzdpaFkxVkJoZHNaYXJCZEt0ODVXbjFCbyt6ajh1cTIzMFFQNDhDZnkxbDNk?= =?utf-8?B?amtYdWpNR2hBc2MrOHU2WHZURkNxY0RGSEVTUXBTMjhoRExpbGNDck8rcldy?= =?utf-8?B?elYxSGxoa28zblR0MUJsUEk2ay9Gd082cEVFbDNQUWgva3JSOUNtYkFTN1ll?= =?utf-8?B?N1pHTEpUbVZLQmttcmdQWWNhanlTNHp1aTNpWG1GekRqdm9WUklZMDJBQnAx?= =?utf-8?B?SVlRNXF5RGJYVXc0aG1SZUh5cnBsWGZwR2NBQ0NJK3AyRVJRemRYU3VVZUNW?= =?utf-8?B?cGs4RGdjbVZaVktDN0ljSzZQbHErV0hvdWtXWW9UbjZZNlpwN01rNWJSZnY0?= =?utf-8?B?d3YxKzBRM3VzTlMyNXpzWFVtVjFIQjJDck81WUJ3RllYaXB0RDlGVXdrZjJ1?= =?utf-8?B?blRqOE5KRSsyWHAxc0dvWEJUYXhIcTV0QUc4dDlzNXNEb2xmdDRpUk5TK1JU?= =?utf-8?B?aSszcGRpN1lSZ0g0SDBaMU1uQzJTUVpicjVhWlMwTklycCtSUVlBUXFiYU1j?= =?utf-8?B?S05LREk4VTQ3Y05mM3lFTTRvMzNXNWlKM1FyQkMwa1JCeE55cm1taDBZR3JX?= =?utf-8?B?c3MxTWw0dk9YZmR6MXU0NUkxRGhkckJNeVVVWTVGSXJKUE5yNHZSZTJCYWYv?= =?utf-8?B?ZkVpUHFiSzNVS1Q3K1pIZFhVT1BhNXZQeXZMRDdVWUxHZ3VEa1lIYS9IWUJi?= =?utf-8?B?NUNBQm5zS1hPck9maGM2MFpqMWRaSFN6Y3NRQUt1WGd4SStyWHlDM09idmtH?= =?utf-8?B?OE1vMFVjQVBRTUJBMkZackxybHZLQnlYY2lJcTBRWFdzRnArcEZWV21wajN2?= =?utf-8?B?ZXJ5ZHJ5cEc5alBrZ3YwMDZ0MUQzUlJFem9DWlR5RlEwYys3MFA5K0VOQkRS?= =?utf-8?B?Vno2K1U1a3ZaRlhxMmE1c2d0UGtCbkNFVHVUbWQrOGJITXFpOTNlajZCUzZM?= =?utf-8?B?YzFyM1VUQ25FMy9nbWJEL01IVFhxUWRJcWFycnNwb1g2VVNpaWhSMVlJMzdS?= =?utf-8?B?c3RJd3RlTW52eGFadHE5QTZrcDRpbnJtZWprM1o4Sm9iQTBadlgrN2NXaEZj?= =?utf-8?B?UVBQd2hTVUk5QmlrOXNMSjFFQ1NUTkVFQnpQejdsdCtsSStOejJrV3ZXdncw?= =?utf-8?B?dHk5aTN3WFZmbTNIK0NsYW5UQTJqczFVNC9PZzFaR0Y2SjROMjNqelN4OTZa?= =?utf-8?B?dXRlQ2J1L1VtWU42alhyeDg4S3czMHRLMFpJWFNoT3E3WFZLcDhnNFFnNkht?= =?utf-8?B?dWZtYXUzZ1JNM3k2dkRqeWdNTU9CcnBKMEZ0RklaZllaR0NwS0dyOW4rbDg5?= =?utf-8?B?VGhyOGF5akk3bzZKdFFrMVVvaWR6MWtSRmhSZTE4TUJYUlFVQTd4Ym9HK0dI?= =?utf-8?B?WDBpQWVkUEJ4TTZhYUc1cExIRkRIdWRQcEhzNWRwV25WSmZrMUJ2dXU3dE5a?= =?utf-8?B?Qnc9PQ==?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: b68ee41b-d13c-4ed4-8a14-08db09c04d1b X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2023 10:36:13.7733 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: T+uqEGeZdXqHyj8INgsef+o2DI89bENy+SbYENxhoI1c+w3+gXdTfrn+iWVpORa6i62Cs55H2cJRbkS7kG7cCzNRHg2xy+1iv/y3Gii1fhE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P251MB0404 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH] openssl: Version bump. 1.1.1t -> 1.1.1s. X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Oops! mol acked changing it locally. Thanks for pointing out my difficulties with alphabetical ordering. :D /C On 2/8/23 10:38 AM, Ladislav Michl wrote: > Hi Christian! > > On Wed, Feb 08, 2023 at 09:01:07AM +0100, Christian Melki wrote: >> Plug 4 CVEs. >> https://www.openssl.org/news/cl111.txt >> X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) >> Use-after-free following BIO_new_NDEF (CVE-2023-0215) >> Double free after calling PEM_read_bio_ex (CVE-2022-4450) >> Timing Oracle in RSA Decryption (CVE-2022-4304) > > seems bump text is reverted, should be 1.1.1s -> 1.1.1t... > > l. >