From owner-freebsd-security@FreeBSD.ORG  Sat Apr 17 16:01:13 2010
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A88A21065673
	for <freebsd-security@freebsd.org>;
	Sat, 17 Apr 2010 16:01:13 +0000 (UTC)
	(envelope-from tjg@soe.ucsc.edu)
Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32])
	by mx1.freebsd.org (Postfix) with ESMTP id 8EB618FC0C
	for <freebsd-security@freebsd.org>;
	Sat, 17 Apr 2010 16:01:13 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 4ADA110082F3;
	Sat, 17 Apr 2010 09:01:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at mail-01.cse.ucsc.edu
Received: from mail-01.cse.ucsc.edu ([127.0.0.1])
	by localhost (mail-01.cse.ucsc.edu [127.0.0.1]) (amavisd-new,
	port 10024)
	with ESMTP id J8-t3K5-G1ob; Sat, 17 Apr 2010 09:01:13 -0700 (PDT)
Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32])
	by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 3105810080E6;
	Sat, 17 Apr 2010 09:01:13 -0700 (PDT)
Date: Sat, 17 Apr 2010 09:01:13 -0700 (PDT)
From: Tim Gustafson <tjg@soe.ucsc.edu>
To: APseudoUtopia <apseudoutopia@gmail.com>
Message-ID: <1576323409.700861271520073086.JavaMail.root@mail-01.cse.ucsc.edu>
In-Reply-To: <v2x27ade5281004170812s6250d4acke6c7059c752d9456@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [98.234.59.118]
X-Mailer: Zimbra 5.0.20_GA_3127.RHEL5_64 (ZimbraWebClient - FF3.0
	([unknown])/5.0.20_GA_3127.RHEL5_64)
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSL 0.9.8k -> 0.9.8l
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Apr 2010 16:01:13 -0000

> This isn't an answer to your question, but you could
> always use OpenSSL from the ports tree.

I'm hesitant to do so because in the past I've had problem when I've used the ports to upgrade base OS-level stuff, like OpenSSL or Sendmail, then the buildworld cycle overwrites the ports library and the ports library overwrites the OS-level stuff and so on, which in the past has caused general mayhem.

It seems to me that the exploits purported to exist in 0.9.8k are serious enough to merit an upgrade to 0.9.8l for everyone.  Is there a reason why you wouldn't want to upgrade to 0.9.8l?

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354