From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 15:05:36 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AD171065673 for ; Sat, 17 Apr 2010 15:05:36 +0000 (UTC) (envelope-from tjg@soe.ucsc.edu) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mx1.freebsd.org (Postfix) with ESMTP id 21EF68FC1D for ; Sat, 17 Apr 2010 15:05:35 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 30E4210082B7 for ; Sat, 17 Apr 2010 07:49:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at mail-01.cse.ucsc.edu Received: from mail-01.cse.ucsc.edu ([127.0.0.1]) by localhost (mail-01.cse.ucsc.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u8gEe4eCeAfg for ; Sat, 17 Apr 2010 07:49:55 -0700 (PDT) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 131ED100824B for ; Sat, 17 Apr 2010 07:49:55 -0700 (PDT) Date: Sat, 17 Apr 2010 07:49:55 -0700 (PDT) From: Tim Gustafson To: freebsd-security@freebsd.org Message-ID: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [98.234.59.118] X-Mailer: Zimbra 5.0.20_GA_3127.RHEL5_64 (ZimbraWebClient - FF3.0 ([unknown])/5.0.20_GA_3127.RHEL5_64) Subject: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 15:05:36 -0000 Hi, I run a few web servers with need to be PCI compliant. Apparently there's a problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l for us to maintain our compliance level. I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is still at 0.9.8k. Using RELENG_8 isn't really an option for me because the last I upgraded to that level, ipfw was broken and I'm not sure that the problem with ipfw has been fixed (Luigi tells me that it has, but I haven't had time to test it yet). Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l? Or will I be stuck with 0.9.8k until I move to RELENG_8? Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354