WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Unpatched CVE in openssl 1.1.1  (Read 3601 times)

Offline andyj

  • Hero Member
  • *****
  • Posts: 1036
Re: Unpatched CVE in openssl 1.1.1
« Reply #15 on: December 20, 2023, 10:02:12 AM »
PHP 7.4 and 8.0 don't support openssl 3.2, and they are end of life anyway. PHP 8.1, 8.2, and 8.3 are compiled for openssl 3.2. Are you sure you have the latest versions?

Offline CNK

  • Wiki Author
  • Sr. Member
  • *****
  • Posts: 292
Re: Unpatched CVE in openssl 1.1.1
« Reply #16 on: December 24, 2023, 01:58:09 AM »
I'm not trying to nag anyone, but I notice that extension updates keep rolling in, but the ones I've submitted haven't been accepted. I submitted updated links-full.tcz around 2023/12/13 (as well as an extension for xzgv on x86_64). More recently I sent mosh.tcz and sylpheed.tcz rebuilt for OpenSSL 3.2 on 2023/12/22.

The attachments were bcrypted and I haven't seen a rejection message sent back to my email server from Google, as happened before.

Around when I submitted links-full.tcz, I also made an updated dillo.tcz extension for x86_64 and sent a PM to neonix on the 12th of Dec. asking whether I should submit it, or if he would like to build an updated extension using the patch I made to add support for SNI over HTTPS. But I haven't received a response.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14851
Re: Unpatched CVE in openssl 1.1.1
« Reply #17 on: December 24, 2023, 06:33:56 AM »
I’ve been busy/traveling..

Offline CNK

  • Wiki Author
  • Sr. Member
  • *****
  • Posts: 292
Re: Unpatched CVE in openssl 1.1.1
« Reply #18 on: December 25, 2023, 12:35:54 AM »
No problem Juanito, and thanks! I'm just paranoid about my emails getting silently rejected/filtered.