Date: Tue, 8 Apr 2014 02:28:25 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r350562 - branches/2014Q2/security/vuxml Message-ID: <201404080228.s382SPjm053381@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Tue Apr 8 02:28:25 2014 New Revision: 350562 URL: http://svnweb.freebsd.org/changeset/ports/350562 QAT: https://qat.redports.org/buildarchive/r350562/ Log: MFH: r350560 Add more information for OpenSSL bug Modified: branches/2014Q2/security/vuxml/vuln.xml Directory Properties: branches/2014Q2/ (props changed) Modified: branches/2014Q2/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q2/security/vuxml/vuln.xml Tue Apr 8 02:27:43 2014 (r350561) +++ branches/2014Q2/security/vuxml/vuln.xml Tue Apr 8 02:28:25 2014 (r350562) @@ -68,6 +68,15 @@ Note: Please add new entries to the beg <p>Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.</p> </blockquote> + <blockquote cite="http://www.heartbleed.com">; + <p>The bug allows anyone on the Internet to read the memory of the + systems protected by the vulnerable versions of the OpenSSL software. + This compromises the secret keys used to identify the service + providers and to encrypt the traffic, the names and passwords of the + users and the actual content. This allows attackers to eavesdrop + communications, steal data directly from the services and users and + to impersonate services and users.</p> + </blockquote> <p>This also covers:</p> <blockquote cite="https://www.openssl.org/news/vulnerabilities.html#2014-0076">; <p>Fix for the attack described in the paper "Recovering OpenSSL
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404080228.s382SPjm053381>