From owner-freebsd-questions@FreeBSD.ORG  Tue Apr  8 14:23:45 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 99400BF5
 for <freebsd-questions@freebsd.org>; Tue,  8 Apr 2014 14:23:45 +0000 (UTC)
Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1751E1756
 for <freebsd-questions@freebsd.org>; Tue,  8 Apr 2014 14:23:44 +0000 (UTC)
Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1])
 by fileserver.home.qeng-ho.org (8.14.7/8.14.5) with ESMTP id s38ENZOB037995;
 Tue, 8 Apr 2014 15:23:35 +0100 (BST)
 (envelope-from freebsd@qeng-ho.org)
Message-ID: <53440667.8060203@qeng-ho.org>
Date: Tue, 08 Apr 2014 15:23:35 +0100
From: Arthur Chance <freebsd@qeng-ho.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Matthias Petermann <matthias@petermann-it.de>,
 freebsd-questions@freebsd.org
Subject: Re: OpenSSL TLS Heartbeat Security Issue
References: <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org>
In-Reply-To: <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 14:23:45 -0000

On 08/04/2014 12:44, Matthias Petermann wrote:
> Hello,
>
> anyone able to comment on the impact of:
>
>     http://heartbleed.com/
>
> to recent versions of FreeBSD?

There's a thread on freebsd-security@ starting at

http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007404.html

TL;DR: 8.4 & 9.2 not affected *unless* the port version has been 
installed, and the latest port (1.0.1_10) has the fix.

10.0-REL is vulnerable, security advisory pending.