From owner-freebsd-security@FreeBSD.ORG Sat Aug 30 18:53:53 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 18DA1292 for ; Sat, 30 Aug 2014 18:53:53 +0000 (UTC) Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EA1BD1C66 for ; Sat, 30 Aug 2014 18:53:52 +0000 (UTC) Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id AD854547F1 for ; Sat, 30 Aug 2014 18:47:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1409424442; bh=vmkJrkKMj8eBXj3f1q7wfNVbyrU3XdVfZzoLuIzmnWc=; h=Date:From:To:Subject:From; b=Mu9jf7FcbSyLHEAz8SejEiNehurJDa/Baw2UewZ5XSbc/UwRjVHtUgSi4ISLW+sMn M2WGoV3EXsvTXqyDkXHV68F2wjOTHGIP9UyHQSMvxieiCW3R/pCik1HjhFGCE/qJJW xM/2M9dJJjEon9r/cUTG2AHvdzqTaU8aB+kh601k= Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: pkubaj) with ESMTPSA id 9995C42AAC Message-ID: <54021C36.6070709@riseup.net> Date: Sat, 30 Aug 2014 20:47:18 +0200 From: Piotr Kubaj User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: OpenSSL SA Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Vu4xAbcqW2TGFDXj6lT2k1B2E5rRFfI3H" X-Virus-Scanned: clamav-milter 0.98.4 at mx1 X-Virus-Status: Clean X-Mailman-Approved-At: Sun, 31 Aug 2014 04:14:32 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Aug 2014 18:53:53 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Vu4xAbcqW2TGFDXj6lT2k1B2E5rRFfI3H Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello. According to https://www.openssl.org/news/secadv_20140806.txt there's been a known SA in OpenSSL for 24 days. Since then security/openssl has been updated and there have been updates to head and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@ has somehow forgotten about it, or the vulnerable features are off in bas= e? --Vu4xAbcqW2TGFDXj6lT2k1B2E5rRFfI3H Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJUAhw2AAoJEC9nKukRsfY+HF0QAKMI3Zvr72p+l/c0hjH9CGPx +7FvLWN+GosMYodFNv+YzEvVcpfVf2zBQFEL55vlz7X1xyN13CyULKfQDc/lnWTL cNbS52lepNNzvlfVd3eoq5O2u+ccAg19tABu/N8Kizuyid5V6uS3jHeb2yuoCrna wun4EfLGOZYwJjAQTzs4m9eocO84rr9i0DZJBIDKaZNqd4XuwmhI0YntujprAS6Y tB2Fo+1GbPzYOVKn9FLW5C574loYXUHcTK+dvQVcIZXjLpTkhAe6W/1KBksmduJm r1jE/1xXLWHY1L4syMwl6Dg01Ow1ZjPrbk08nZ+B0W4bik0mNtytfmX2AApUftRM DQ3XtP8QUzD/M0Gfzgkh2i+AssBvuv8qhG6BiufD/D8/2qwTCm8Ix5KAsAnGzzAO b9Gu5CF7cTfgAJGxw4vKWH6HKP6tSNquyu7PMA5+735s7VjaK58CMAwpJtERAOmM hLfrfbVIFzevQFqR3TqMpE2FmxYlokcK6xlsnX6L/DfalhZUYm0mMiDBNX6BobzH 4ZVVZRrIezFGIzciaUIEX+xi/8QNWo0EDHuo9GPsYtZ0v2eCv0faC7ePRWTDH1eW kuzL7QedzelB21KCoge15C97i8YU6VaaO1bJcAToUsSrEQRC2TrDVc65lRhz5gM+ O57cdqGemCxXZOZqzv3B =cuXt -----END PGP SIGNATURE----- --Vu4xAbcqW2TGFDXj6lT2k1B2E5rRFfI3H--