From owner-freebsd-security@FreeBSD.ORG Fri Apr 11 21:44:30 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7288AD05; Fri, 11 Apr 2014 21:44:30 +0000 (UTC) Received: from exodus.zi0r.com (exodus.zi0r.com [71.245.171.203]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "exodus.zi0r.com", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3DF8511ED; Fri, 11 Apr 2014 21:44:29 +0000 (UTC) Received: from exodus.zi0r.com (localhost [127.0.0.1]) by exodus.zi0r.com (Postfix) with ESMTP id A91323DC59; Fri, 11 Apr 2014 17:44:28 -0400 (EDT) X-Virus-Scanned: amavisd-new at zi0r.com Received: from exodus.zi0r.com ([127.0.0.1]) by exodus.zi0r.com (exodus.zi0r.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP id RHCPSKQalC2s; Fri, 11 Apr 2014 17:44:27 -0400 (EDT) Received: from exodus.zi0r.com (syn.zi0r.com [71.245.171.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by exodus.zi0r.com (Postfix) with ESMTPSA id DE0373DC57; Fri, 11 Apr 2014 17:44:27 -0400 (EDT) Date: Fri, 11 Apr 2014 17:44:22 -0400 From: Ryan Steinmetz To: Matthew Seaman Subject: Re: CVE-2014-0160? Message-ID: <20140411214421.GB83317@exodus.zi0r.com> References: <20140411163453.10305uc2u7ijvcst@webmail.uu.se> <5348571A.9060703@FreeBSD.org> <20140411211312.GA82093@exodus.zi0r.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20140411211312.GA82093@exodus.zi0r.com> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: freebsd-security@freebsd.org, sbremal@hotmail.com, Erik Trulsson X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Apr 2014 21:44:30 -0000 I've also added the affected system information for CVE-2014-0076 and corrected a issue with the affected values. -r On (04/11/14 17:13), Ryan Steinmetz wrote: > >On (04/11/14 21:56), Matthew Seaman wrote: >>http://vuxml.freebsd.org/freebsd/b72bad1c-20ed-11e3-be06-000c29ee3065.html >> >>This is applied inconsistently though. While there is an entry for >>OpenSSL Heartbleed, it doesn't contain any reference to the FreeBSD base >>system and the security advisories (at least, not at the time I was >>writing this...) >> > >Entry updated, thank you for pointing this out. > >http://svnweb.freebsd.org/ports/head/security/vuxml/vuln.xml?r1=351042&r2=351041&pathrev=351042 > >-r > >>It's also not a feature of pkg audit or any other tool I am aware of >>that it can warn about base system vulnerabilities. Such functionality >>would be very welcome though. >> >> Cheers, >> >> Matthew >> >>-- >>Dr Matthew J Seaman MA, D.Phil. >>PGP: http://www.infracaninophile.co.uk/pgpkey >> >> > > > >-- >Ryan Steinmetz >PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7 >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Ryan Steinmetz PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7