From owner-freebsd-security Fri Mar 21 2:28:54 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5220937B401 for ; Fri, 21 Mar 2003 02:28:52 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id B2D0143F85 for ; Fri, 21 Mar 2003 02:28:50 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 19730 invoked from network); 21 Mar 2003 10:24:11 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 21 Mar 2003 10:24:11 -0000 Received: (qmail 20935 invoked by uid 1000); 21 Mar 2003 10:27:08 -0000 Date: Fri, 21 Mar 2003 12:27:08 +0200 From: Peter Pentchev To: Tim Baur Cc: freebsd-security@FreeBSD.ORG Subject: Re: Patch for OpenSSL and freebsd 4.4 Message-ID: <20030321102707.GG13251@straylight.oblivion.bg> Mail-Followup-To: Tim Baur , freebsd-security@FreeBSD.ORG References: <3E7ADFAE.3000509@imc.nl> <0303210148040.31535@neobe.cnanfb.pbz> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="XWOWbaMNXpFDWE00" Content-Disposition: inline In-Reply-To: <0303210148040.31535@neobe.cnanfb.pbz> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --XWOWbaMNXpFDWE00 Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 21, 2003 at 01:57:55AM -0800, Tim Baur wrote: > On Fri, 21 Mar 2003, Roelf Schreurs wrote: >=20 > > I was wondering if there will be a patch release for the 2 new OpenSSl > > vulnerabilities found this week? >=20 > RELENG_4_4 is no longer supported by the security officer. Please review: >=20 > http://www.ca.freebsd.org/security/index.html#adv jedgar@ committed fixes to a couple of files 13 hours ago, which seem to address at least one of those vulnerabilities. I believe there are FreeBSD developers who are actively committed to keeping the 4.4 security branch alive, so my advice would be to wait a bit more, the fixes will probably be MFC'd there, too. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If you think this sentence is confusing, then change one pig. --XWOWbaMNXpFDWE00 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+euj77Ri2jRYZRVMRAkdZAJ9goXG4/A0D5IvsqbSMS1wd7vOoPgCfdC7c ibSZY+qGWie+vu/Iuv07AaQ= =HEoA -----END PGP SIGNATURE----- --XWOWbaMNXpFDWE00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message