From owner-freebsd-security@FreeBSD.ORG  Fri Apr 11 21:13:21 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 57715D5C;
 Fri, 11 Apr 2014 21:13:21 +0000 (UTC)
Received: from exodus.zi0r.com (exodus.zi0r.com [71.245.171.203])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client CN "exodus.zi0r.com",
 Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 2519C1DA0;
 Fri, 11 Apr 2014 21:13:21 +0000 (UTC)
Received: from exodus.zi0r.com (localhost [127.0.0.1])
 by exodus.zi0r.com (Postfix) with ESMTP id DB0813DC59;
 Fri, 11 Apr 2014 17:13:18 -0400 (EDT)
X-Virus-Scanned: amavisd-new at zi0r.com
Received: from exodus.zi0r.com ([127.0.0.1])
 by exodus.zi0r.com (exodus.zi0r.com [127.0.0.1]) (amavisd-new, port 10026)
 with LMTP id RD9c0RIE8U_s; Fri, 11 Apr 2014 17:13:18 -0400 (EDT)
Received: from exodus.zi0r.com (syn.zi0r.com [71.245.171.202])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by exodus.zi0r.com (Postfix) with ESMTPSA id 212643DC57;
 Fri, 11 Apr 2014 17:13:18 -0400 (EDT)
Date: Fri, 11 Apr 2014 17:13:12 -0400
From: Ryan Steinmetz <zi@FreeBSD.org>
To: Matthew Seaman <matthew@FreeBSD.org>
Subject: Re: CVE-2014-0160?
Message-ID: <20140411211312.GA82093@exodus.zi0r.com>
References: <DUB126-W5BC501CB4B718B4504D74A9540@phx.gbl>
 <alpine.DEB.2.00.1404111341450.13520@strudel.ki.iif.hu>
 <DUB126-W864CD6C2BD872D72C58222A9540@phx.gbl>
 <D0491050-C6C0-4124-966C-3153FB618532@icloud.com>
 <DUB126-W77A08013F5277DB2C69816A9540@phx.gbl>
 <20140411163453.10305uc2u7ijvcst@webmail.uu.se>
 <5348571A.9060703@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <5348571A.9060703@FreeBSD.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Cc: freebsd-security@freebsd.org, sbremal@hotmail.com,
 Erik Trulsson <Erik.Trulsson.1013@student.uu.se>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Apr 2014 21:13:21 -0000


On (04/11/14 21:56), Matthew Seaman wrote:
>http://vuxml.freebsd.org/freebsd/b72bad1c-20ed-11e3-be06-000c29ee3065.html
>
>This is applied inconsistently though.  While there is an entry for
>OpenSSL Heartbleed, it doesn't contain any reference to the FreeBSD base
>system and the security advisories (at least, not at the time I was
>writing this...)
>

Entry updated, thank you for pointing this out.

http://svnweb.freebsd.org/ports/head/security/vuxml/vuln.xml?r1=351042&r2=351041&pathrev=351042

-r

>It's also not a feature of pkg audit or any other tool I am aware of
>that it can warn about base system vulnerabilities.  Such functionality
>would be very welcome though.
>
>	Cheers,
>
>	Matthew
>
>-- 
>Dr Matthew J Seaman MA, D.Phil.
>PGP: http://www.infracaninophile.co.uk/pgpkey
>
>



-- 
Ryan Steinmetz
PGP: 9079 51A3 34EF 0CD4 F228  EDC6 1EF8 BA6B D028 46D7