Site Navigation

Date:      Tue, 13 May 2014 17:54:40 -0700
From:      Xin Li <delphij@delphij.net>
To:        Andrey Chernov <ache@freebsd.org>, Xin LI <delphij@FreeBSD.org>,  src-committers@freebsd.org, svn-src-all@freebsd.org,  svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Cc:        "secteam@FreeBSD.org" <secteam@FreeBSD.org>
Subject:   Re: svn commit: r265986 - stable/10/crypto/openssl/ssl
Message-ID:  <5372BED0.7010907@delphij.net>
In-Reply-To: <5372AC8E.1070507@freebsd.org>
References:  <201405132319.s4DNJH7T055013@svn.freebsd.org> <5372AC8E.1070507@freebsd.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 05/13/14 16:36, Andrey Chernov wrote:
> On 14.05.2014 3:19, Xin LI wrote:
>> Author: delphij Date: Tue May 13 23:19:16 2014 New Revision:
>> 265986 URL: http://svnweb.freebsd.org/changeset/base/265986
>> 
>> Log: Fix OpenSSL NULL pointer deference vulnerability.
>> 
>> Obtained from:	OpenBSD Security:	FreeBSD-SA-14:09.openssl 
>> Security:	CVE-2014-0198
> 
> Official fix is a bit different: 
> https://github.com/openssl/openssl/commit/b107586c0c3447ea22dba8698ebbcd81bb29d48c
>
> 
from
> https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
>
>  Do we follow official branch or OpenBSD fixes?

Principally we follow the official branch whenever applicable, we
didn't do it for this one because the advisory was prepared about two
weeks ago.

For -HEAD and -STABLE we should probably adopt the upstream version to
ease future maintenance.

Cheers,
- -- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTcr7QAAoJEJW2GBstM+nsZSkQAKxb/l+s7TEJadXf3a2pMR1/
DbNBW2WKTCS8QqGRyIqd2z9VPpsa5ECIVpaiekMLUxG85m+mBqV3sTQUXjFTwaU7
HQIGkiCbwnw8/u0+xoFByGzQW822qVvW/+OoylEw90JnDqtrWsoDfLND80H1/IUj
LKPJu2lU4rI6EFQ2b6ps01XqaoWKK16MkyB47CiRcDlonqWJ5SvB9TsDsyFJjb5u
gnq6RYuZfSFzt8NGL1/9wLXjR9QPtmd/ekp+NOkGRQHPoGjIQ7/Z/mKfEpm11UVs
lHm3c89O0+JxNfVzZrlx70xMYrbZCI7oGPlIROjF8jel/RfpypVnDB4L162Nhslw
oMlEtD88Kzlb0OWdBmyo811p9wqQ7l2xer774oQzWmfSjo1eZzuNcniYEBwGZ37y
hif8tOLEnc4yXZmdKFb5qwpYftyBRfA76bKXEUGXz91b0zdK2M09SuPkgtUiks6Y
6Ame2UHpIwaMULzUA8r98o6C21YuirKM2mD3BGe1zZtWJQ6U2l6a0MCe4d9//6yq
aciKsnLgZbaxa1aza3b1gO8fW3Da/9bQ06eeLhcM/F6wEx9dMSo+TAtrjWK95Q9L
eNynRxAw3udWAqV+AdVB9U9SGckqe0lLDjMeJq2IV8GCwQb34oAfX5qklyRj2OaI
LB21EyspUSw1/hjFrYYI
=8DUK
-----END PGP SIGNATURE-----

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5372BED0.7010907>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact