Date: Tue, 08 Apr 2014 15:55:18 -0500
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Xin LI <delphij@freebsd.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, secteam@FreeBSD.org
Subject: Re: svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver
Message-ID: <e25208600d1ed778a20d6ac8596c658a@shatow.net>
In-Reply-To: <201404081827.s38IRXiL048987@svn.freebsd.org>
References: <201404081827.s38IRXiL048987@svn.freebsd.org>
On 2014-04-08 13:27, Xin LI wrote:
> Author: delphij
> Date: Tue Apr 8 18:27:32 2014
> New Revision: 264265
> URL: http://svnweb.freebsd.org/changeset/base/264265
>
> Log:
>   Fix NFS deadlock vulnerability. [SA-14:05]
>
>   Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
>   Attack in OpenSSL. [SA-14:06]
>
> Modified:
>   head/crypto/openssl/crypto/bn/bn.h
>   head/crypto/openssl/crypto/bn/bn_lib.c
>   head/crypto/openssl/crypto/ec/ec2_mult.c
>   head/crypto/openssl/ssl/d1_both.c
>   head/crypto/openssl/ssl/t1_lib.c
>   head/sys/fs/nfsserver/nfs_nfsdserv.c
>

__FreeBSD_version is needed too.

Also, that this was a partial release of 1.0.1g is confusing a LOT of users. They think they are still vulnerable. They expect to see 1.0.1g in 'openssl version'. We could have our own version string in 'openssl version' to remedy this.

-- 
Regards,
Bryan Drewery