From owner-freebsd-security@FreeBSD.ORG  Sun Jun  6 10:40:12 2010
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 25A46106566B
	for <freebsd-security@FreeBSD.org>;
	Sun,  6 Jun 2010 10:40:12 +0000 (UTC) (envelope-from simon@nitro.dk)
Received: from mx.nitro.dk (unknown [77.75.165.90])
	by mx1.freebsd.org (Postfix) with ESMTP id DAC3C8FC0C
	for <freebsd-security@FreeBSD.org>;
	Sun,  6 Jun 2010 10:40:11 +0000 (UTC)
Received: from arthur.nitro.dk (arthur.bofh [192.168.2.3])
	by mx.nitro.dk (Postfix) with ESMTP id 31C712D4E75
	for <freebsd-security@FreeBSD.org>;
	Sun,  6 Jun 2010 10:40:11 +0000 (UTC)
Received: by arthur.nitro.dk (Postfix, from userid 1000)
	id 10FB05C19; Sun,  6 Jun 2010 12:40:11 +0200 (CEST)
Date: Sun, 6 Jun 2010 12:40:10 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: freebsd-security@FreeBSD.org
Message-ID: <20100606104010.GA2923@arthur.nitro.dk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o"
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: 
Subject: FreeBSD OpenSSL and CVE-2010-0742
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jun 2010 10:40:12 -0000


--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hey,

Just FYI for anybody who might need it.  FreeBSD isn't affected by the
latest OpenSSL security issues.

The issue with the name CVE-2010-1633 isn't relevant as FreeBSD does
not yet have OpenSSL 1.0 imported.

For CVE-2010-0742 the affected 'CMS' module is not enabled in FreeBSD.

References:

http://www.openssl.org/news/secadv_20100601.txt
http://svn.freebsd.org/viewvc/base/stable/8/secure/lib/libcrypto/Makefile?a=
nnotate=3D196045#l329

--=20
Simon L. Nielsen
Hat: OpenSSL maintainer

--IS0zKkzwUGydFO0o
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)

iD8DBQFMC3sJBJx0gP90kKsRAsDyAKCEEmbq3LR9e0iIUsOvO3qFkV2kkgCeNpaV
ybpL1yZjukv+dzoL66xP0qE=
=5zP2
-----END PGP SIGNATURE-----

--IS0zKkzwUGydFO0o--