Date: Wed, 09 Apr 2014 20:45:49 +0200 From: Per olof Ljungmark <peo@intersonic.se> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED] Message-ID: <5345955D.5080209@intersonic.se> In-Reply-To: <201404090106.s3916VRm035425@freefall.freebsd.org> References: <201404090106.s3916VRm035425@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Can someone please shed a little light why this advisory says STABLE/9 is affected, but https://heartbleed.com/ says it is not? I see openssl version -a OpenSSL 0.9.8y 5 Feb 2013 built on: date not available platform: FreeBSD-amd64 options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx) compiler: cc OPENSSLDIR: "/etc/ssl" from our STABLE/9 servers. What am I missing here? On 2014-04-09 03:06, FreeBSD Security Advisories wrote: > ============================================================================= > FreeBSD-SA-14:06.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL multiple vulnerabilities > > Category: contrib > Module: openssl > Announced: 2014-04-08 > Affects: All supported versions of FreeBSD. > Corrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE) > 2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1) > 2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE) > 2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4) > 2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11) > 2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE) > 2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8) > 2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15) > CVE Name: CVE-2014-0076, CVE-2014-0160 >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5345955D.5080209>