Date: Sun, 31 Aug 2014 21:05:38 +0200 From: Piotr Kubaj <pkubaj@riseup.net> To: Hassane HYJAZI <hassane@hyjazi.me>, Brandon Vincent <Brandon.Vincent@asu.edu> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL SA Message-ID: <54037202.7040307@riseup.net> In-Reply-To: <54033A15.5080804@hyjazi.me> References: <54021C36.6070709@riseup.net> <54033A15.5080804@hyjazi.me>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --PK9R0UBlvdxF8GQ9gL4hM4rvxRT2xrGwf Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 08/31/2014 17:07, Hassane HYJAZI wrote: > security/openssl version : 1.0.1_15 ~=3D 1.01i (+2patch) fixing all of= this. > check commit history at http://www.freshports.org/security/openssl >=20 >=20 >=20 > Le 30/08/2014 19:47, Piotr Kubaj a =C3=A9crit : >> Hello. According to https://www.openssl.org/news/secadv_20140806.txt >> there's been a known SA in OpenSSL for 24 days. Since then >> security/openssl has been updated and there have been updates to head >> and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so= @ >> has somehow forgotten about it, or the vulnerable features are off in >> base? >> >=20 I know about security/openssl and have written about it in my first mail. What I was asking about was a patch to releng/. On 08/31/2014 17:11, Brandon Vincent wrote:> On Sun, Aug 31, 2014 at 8:05 AM, Piotr Kubaj <pkubaj@riseup.net> wrote: >> Yes, I wrote in the original mail that there have been updates to stable/{8,9,10}. What I meant by the lack of SA is that there were no updates to releng/. > > releng/10.1 will not be created until October 3rd. releng/10.0 is froze= n. > > https://www.freebsd.org/releng/ > > https://www.freebsd.org/releases/10.1R/schedule.html > > Brandon Vincent > I know what releng/ is, I have been using FreeBSD for 5 years now for just about everything. Sure, some people here remember 3.x, but after 5 years I'm not a noob. I wasn't asking for a whole new version, although they were such updates to releng, see http://svnweb.freebsd.org/base?limit_changes=3D0&view=3Drevision&revision= =3D249029 =2E I was asking for just a simple patch like in http://svnweb.freebsd.org/base?view=3Drevision&revision=3D267104 . Such patches used to be committed, when publishing SA's, but I guess something (?) has changed for worse. --PK9R0UBlvdxF8GQ9gL4hM4rvxRT2xrGwf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUA3ICAAoJEC9nKukRsfY+CgwP/2pE7655vfoGYknt76EXOAMr cwJN7IT1+LO2z1oDsWqKxa67FqEvte8q0rBbSIKa6xIGijhX2kiUBZjhW0LxDJLE 2ib0HZ4UfKTXMtpEtMCebrbXk50XbcV7Ha7i5JJ9NCAMiYbjzGscIrofp2aBCo6s yUR7mxavWHu/LGkeGb0KkjaqPj6ycYDTObtLb4OlcxIWYejBtTWvjBMtz5eToqmf qxLA59bpYTqdjpdfKEhQePWeVOpn4H07P0uIxTrztVxh6Wmks91Vruc7D29EZbeL UYkc9c9gTAQPYkVRaHuupZl8GJA3RBlbCxrazUtM0DuFtyniaxzEGt8mnYOS3nA4 huU2sfhCn+aDhMVmM1xgc2cheT6d5QhP3YbV9rmV/gR5zMKME7viLTx8zvnNj9zx 0b0EZJcCTlaSpourEYU7ArcDNRLP3zvzLCtX7gQ5W9+1IRkqoBUS9cfftSVDoIH5 i4lPhAK+UrvnQuSqq9h7QTEjGrHar0TsZC/deR8ruMOFcaPeRKxS/3rlX/c5Y2lC pUdyuw8MjzfLasqlRZFs7A6fR4ugFmWKAXtSchQ91N0kcY5Kj6QeZK3o+fRIrgZu TiY8/QvQ9GmpdnYOWdG9wYv2ZPkYzzQ9HyL10jTeJwTMAtj07Q0Yn4VxGc2cowG3 qyF8kAqJusOn0xSm/5mi =Lte5 -----END PGP SIGNATURE----- --PK9R0UBlvdxF8GQ9gL4hM4rvxRT2xrGwf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54037202.7040307>