Date: Sun, 31 Aug 2014 08:02:12 -0700 From: Brandon Vincent <Brandon.Vincent@asu.edu> To: Piotr Kubaj <pkubaj@riseup.net> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL SA Message-ID: <CAJm4239s68dRu2Ft1s7j6wsALhr5MRWnptCT1_r7PU%2BxcS_vKw@mail.gmail.com> In-Reply-To: <54021C36.6070709@riseup.net> References: <54021C36.6070709@riseup.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Aug 30, 2014 at 11:47 AM, Piotr Kubaj <pkubaj@riseup.net> wrote: > Hello. According to https://www.openssl.org/news/secadv_20140806.txt > there's been a known SA in OpenSSL for 24 days. Since then > security/openssl has been updated and there have been updates to head > and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@ > has somehow forgotten about it, or the vulnerable features are off in base? It looks like OpenSSL 1.0.1i (which fixes all the issues in the SA from upstream) was merged into stable on August 7th. The announcement from FreeBSD was probably accidentally not published. Brandon Vincent
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJm4239s68dRu2Ft1s7j6wsALhr5MRWnptCT1_r7PU%2BxcS_vKw>