On 2017/09/28 15:43, Jeremie Courreges-Anglas wrote:
>
> Released recently:
> https://openvpn.net/index.php/download/community-downloads.html
>
> The CVE shouldn't affect many folks, but I'd like to push this for 6.2
> anyway, it could make my life easier for next security updates.
>
> https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
>
> Seems to work fine (client-side, amd64). Additional test reports
> welcome.
>
> Upstream replaced most polarssl references with mbedtls. I could adjust
> the Makefile but I also might end up deleting the polarssl bits from the
> port. Adding an mbedtls flavor could happen, but after 6.2, and if
> someone else actually cares about it.
>
> ok?
OK.
I'd be ok with killing the polarssl bits, they never worked with
the version of polarssl/mbedtls in the ports tree anyway, but I'd
rather do that after 6.2.
No comments:
Post a Comment