Date: Wed, 21 Apr 2010 07:55:14 +0200
From: Eirik Øverby <ltning@anduin.net>
To: Tim Gustafson <tjg@soe.ucsc.edu>
Cc: Dag-Erling Smørgrav <des@des.no>, freebsd-security@freebsd.org
Subject: Re: OpenSSL 0.9.8k -> 0.9.8l
Message-ID: <D86F370E-98A5-41B1-97D5-F2CD98CE1716@anduin.net>
In-Reply-To: <258059512.789871271827382221.JavaMail.root@mail-01.cse.ucsc.edu>
References: <258059512.789871271827382221.JavaMail.root@mail-01.cse.ucsc.edu>

On Apr 21, 2010, at 7:23 AM, Tim Gustafson wrote:

>> RELENG_8_0 is 8.0 + critical bug fixes.
>
>> From what I gather, the exploits in 0.9.8k are pretty serious. :\
>
>> If you're not too pressed for time, 8.1 is "only" a couple of
>> months away and will hopefully ship with 0.9.8n which is what
>> we currently have in head.
>
> Well, we may have to wait, or maybe update to RELENG_8 and cross our fingers. :)

It is a misconception to think that one _has to_ run the latest version (as suggested by dumb network scans) in order to remain compliant (PCI DSS or otherwise). What is needed is that the issues found are either patched or documented to be not applicable.

All current OpenSSL issues in the versions shipping with RELENG_8_0 have, to my knowledge, been fixed by the secteam or do not apply to FreeBSD.

/Eirik

> Tim Gustafson
> Baskin School of Engineering
> UC Santa Cruz
> tjg@soe.ucsc.edu
> 831-459-5354