Date: Sat, 27 Nov 2010 00:16:35 +0100 From: "Simon L. B. Nielsen" <simon@nitro.dk> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org Subject: Re: svn commit: r215912 - in stable/8: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/... Message-ID: <AEFE25B8-8A73-47CE-B163-D9D2A5EBBD31@nitro.dk> In-Reply-To: <201011262250.oAQMoxo1094710@svn.freebsd.org> References: <201011262250.oAQMoxo1094710@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26 Nov 2010, at 23:50, Simon L. Nielsen wrote: > Author: simon > Date: Fri Nov 26 22:50:58 2010 > New Revision: 215912 > URL: http://svn.freebsd.org/changeset/base/215912 >=20 > Log: > Merge OpenSSL 0.9.8p into stable/8. >=20 > This merges up to and including head/crypto/openssl/ r215697; and > head/secure/lib/libcrypto/, head/secure/lib/libssl/, > head/secure/usr.bin/openssl/ r215698. >=20 > To make the merge simpler, a hack was added to set MACHINE_CPUARCH. >=20 > Security: CVE-2010-2939, CVE-2010-3864 > Security: http://www.openssl.org/news/secadv_20101116.txt > Security: FreeBSD-SA-10:10.openssl > Approved by: re (implicitly - they did not object of the general idea > of OpenSSL update) Just in case anyone is wondering, FreeBSD-SA-10:10.openssl will not be = released right now, but should be out early next week. I just thought I = might as well mention it in the commit message as the name is known at = this point. PS from what I read and tested so far, the actual risk with both = CVE-2010-2939 [1] and CVE-2010-3864 is very little. [1] At least for FreeBSD's current OpenSSL 0.9.8. --=20 Simon L. B. Nielsen Hat: OpenSSL maintainer (and a bit of the secteam hat)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AEFE25B8-8A73-47CE-B163-D9D2A5EBBD31>