Date: Mon, 13 Nov 2017 09:40:44 -0800 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: Andrea Venturoli <ml@netfence.it>, freebsd-questions@freebsd.org Subject: Re: OpenSSL CVE-2017-3736 Message-ID: <6c8cfb16-f752-05a9-8739-808246f92e8d@bluerosetech.com> In-Reply-To: <a8f10b91-f0fa-77b1-cd98-993b31a11e66@netfence.it> References: <a8f10b91-f0fa-77b1-cd98-993b31a11e66@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/13/2017 08:17, Andrea Venturoli wrote: > Hello. > > A little bit out of curiosity and a little bit to plan my work... > > I thought any version of FreeBSD would be affected by this > vulnerability, but heard nothing on the list. > > Am I wrong? Are we safe? > Is a SA coming? OpenSSL in 11.1 is 1.0.2k, so no, no, and yes (hopefully). > > I see devel/openssl was upgraded to 1.0.2m. Are we expected to go the > port way? That's not possible in all cases, but if you can, building with ports openssl is a good idea. Also, you'll need to use head, because security/openssl in 2017Q4 is still 1.0.2l.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6c8cfb16-f752-05a9-8739-808246f92e8d>