WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Unpatched CVE in openssl 1.1.1  (Read 2306 times)

Offline andyj

  • Hero Member
  • *****
  • Posts: 1023
Re: Unpatched CVE in openssl 1.1.1
« Reply #15 on: December 20, 2023, 07:02:12 AM »
PHP 7.4 and 8.0 don't support openssl 3.2, and they are end of life anyway. PHP 8.1, 8.2, and 8.3 are compiled for openssl 3.2. Are you sure you have the latest versions?

Offline CNK

  • Full Member
  • ***
  • Posts: 248
Re: Unpatched CVE in openssl 1.1.1
« Reply #16 on: December 23, 2023, 10:58:09 PM »
I'm not trying to nag anyone, but I notice that extension updates keep rolling in, but the ones I've submitted haven't been accepted. I submitted updated links-full.tcz around 2023/12/13 (as well as an extension for xzgv on x86_64). More recently I sent mosh.tcz and sylpheed.tcz rebuilt for OpenSSL 3.2 on 2023/12/22.

The attachments were bcrypted and I haven't seen a rejection message sent back to my email server from Google, as happened before.

Around when I submitted links-full.tcz, I also made an updated dillo.tcz extension for x86_64 and sent a PM to neonix on the 12th of Dec. asking whether I should submit it, or if he would like to build an updated extension using the patch I made to add support for SNI over HTTPS. But I haven't received a response.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14619
Re: Unpatched CVE in openssl 1.1.1
« Reply #17 on: December 24, 2023, 03:33:56 AM »
I’ve been busy/traveling..

Offline CNK

  • Full Member
  • ***
  • Posts: 248
Re: Unpatched CVE in openssl 1.1.1
« Reply #18 on: December 24, 2023, 09:35:54 PM »
No problem Juanito, and thanks! I'm just paranoid about my emails getting silently rejected/filtered.