diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-10-06 11:36:41 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-10-13 12:42:58 -0700 |
| commit | 2f0df0334ac81d00e17b72d510368557fc0643c2 (patch) | |
| tree | c534a5ee4640014dbd6a9313c48aac07a89c3e2b /scripts/lib/mic/plugin.py | |
| parent | 9dafc77bd804ca2910d300ad01c13fba83b7dc00 (diff) | |
| download | poky-2f0df0334ac81d00e17b72d510368557fc0643c2.tar.gz | |
openssl: upgrade 3.2.4 -> 3.2.6
3.2.6 has fixed 3.2.5 regression which broke python3 ptests so we can
upgrade now. We can also drop CVE-2025-27587 patch which was taken
instead of 3.2.5 upgrade under:
https://github.com/openssl/openssl/pull/28198
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3017-and-openssl-3018-30-sep-2025
OpenSSL 3.2.6 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
Release information:
https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-324-and-openssl-325-1-jul-2025
OpenSSL 3.2.5 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Miscellaneous minor bug fixes.
(From OE-Core rev: ef6bbf39c10ff7bd8ad36d5d2f59ddd0756e0141)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/mic/plugin.py')
0 files changed, 0 insertions, 0 deletions