Hrm. OpenSSL 1.1.1 update today? From IRC: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055
No mention anywhere else yet?
Quote:
Openssl will release new update on 2021/03/25, it will fix two "High" severity issues. These issues does not affect OpenSSL versions before 1.1.1:
CVE-2021-3449: NULL pointer deref in signature_algorithms processing
CVE-2021-3450: CA certificate check bypass with X509_V_FLAG_X509_STRICT"
Ah, the OpenSSL 1.1.1 advisory for CVE-2021-3450 and CVE-2021-3449 is now out officially: