From owner-freebsd-security  Tue Jul 30  6:44:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2BA3537B400
	for <freebsd-security@freebsd.org>; Tue, 30 Jul 2002 06:44:42 -0700 (PDT)
Received: from mail47.fg.online.no (mail47-s.fg.online.no [148.122.161.47])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3C6BE43E4A
	for <freebsd-security@freebsd.org>; Tue, 30 Jul 2002 06:44:41 -0700 (PDT)
	(envelope-from pulz@pulz.no)
Received: from elixor (ti500720a080-0896.bb.online.no [80.213.75.128])
	by mail47.fg.online.no (8.9.3/8.9.3) with SMTP id PAA21885
	for <freebsd-security@freebsd.org>; Tue, 30 Jul 2002 15:44:40 +0200 (MET DST)
Message-ID: <004001c237cf$23c00560$fa00a8c0@elixor>
From: =?iso-8859-1?Q?Geir_R=E5ness?= <pulz@pulz.no>
To: <freebsd-security@freebsd.org>
Subject: About the openssl hole
Date: Tue, 30 Jul 2002 15:43:50 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_003D_01C237DF.E6BDD370"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_003D_01C237DF.E6BDD370
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Shuld we start to edit the openssl port (I have emailed the maninter to =
update to 96.e, "or supply the patch from openssl" in the =
/usr/ports/security/openssl), or shuld we wait for an patch from the =
freebsd team ?

If you look at bugtrac there are already romours about exploits flying =
around now.


Read the Advisory from openssl here
http://www.openssl.org/news/secadv_20020730.txt


Best Regards
Geir R=E5ness

------=_NextPart_000_003D_01C237DF.E6BDD370
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Shuld we start to edit the openssl port =
(I have=20
emailed the maninter to update to 96.e, "or supply the patch from=20
openssl"&nbsp;in the /usr/ports/security/openssl), or shuld we wait for =
an patch=20
from the freebsd&nbsp;team ?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>If you look at bugtrac there are =
already romours=20
about exploits flying around now.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Read the Advisory from openssl =
here</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.openssl.org/news/secadv_20020730.txt">http://www.opens=
sl.org/news/secadv_20020730.txt</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Best Regards</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Geir =
R=E5ness</FONT></DIV></BODY></HTML>

------=_NextPart_000_003D_01C237DF.E6BDD370--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message