Date:      Wed, 02 May 2012 15:44:14 +0300
From:      Volodymyr Kostyrko <c.kworr@gmail.com>
To:        freebsd-security@freebsd.org
Cc:        Robert Simmons <rsimmons0@gmail.com>
Subject:   Re: OpenSSL and Heimdal
Message-ID:  <4FA12C1E.3030102@gmail.com>
In-Reply-To: <CA%2BQLa9Asg0GkKKihhXLwpwOGz1T3u%2BJWhqo66L0M1denkeBq_Q@mail.gmail.com>
References:  <CA%2BQLa9Asg0GkKKihhXLwpwOGz1T3u%2BJWhqo66L0M1denkeBq_Q@mail.gmail.com>

Robert Simmons wrote:
> Is there a plan to update OpenSSL to patch for CVE-2012-2131?
>
> Also, is the DOS vulnerability in libkrb5 that Heimdal 1.5.2 patches
> present in Heimdal 1.1 which shipped with 9.0-RELEASE?

I'll second this one.

1. Are there any plans on updating openssl and why not? It's getting a 
bad hype nowadays. And will we ever support TLS v1.[12]? The BEAST attack 
seems to be not so far from most of us: 
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

2. What's with CVE-2011-1945? I've been waiting for months for just a tiny 
comment on this one, as if this truly is not fixed in our source, all 9.0 
installations with world-open ssh are potentially vulnerable.

3. DragonFly is much faster than we are, they have 1.0.1b on master 
branch, while we have 1.0.1a in ports. They also already removed heimdal 
from base and pkgsrc has 1.5.2 available with our 1.4 present in ports.

-- 
Sphinx of black quartz judge my vow.


