From: Piotr Kubaj
Date: Sun, 31 Aug 2014 17:05:23 +0200
To: Brandon Vincent, freebsd-security@freebsd.org
Subject: Re: OpenSSL SA

Yes, I wrote in the original mail that there have been updates to stable/{8,9,10}. What I meant by the lack of SA is that there were no updates to releng/.

On 31 August 2014 17:02:12 CEST, Brandon Vincent wrote:
>On Sat, Aug 30, 2014 at 11:47 AM, Piotr Kubaj wrote:
>> Hello. According to https://www.openssl.org/news/secadv_20140806.txt
>> there's been a known SA in OpenSSL for 24 days. Since then
>> security/openssl has been updated and there have been updates to head
>> and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@
>> has somehow forgotten about it, or the vulnerable features are off in base?
>
>It looks like OpenSSL 1.0.1i (which fixes all the issues in the SA
>from upstream) was merged into stable on August 7th. The announcement
>from FreeBSD was probably accidentally not published.
>
>Brandon Vincent

--
Sent with K-9 Mail.