From owner-freebsd-security@FreeBSD.ORG Fri Jan 15 12:35:08 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 946E21065670 for ; Fri, 15 Jan 2010 12:35:08 +0000 (UTC) (envelope-from inter-actief@daenney.net) Received: from zeratul.nl (unknown [IPv6:2a02:898:86::4]) by mx1.freebsd.org (Postfix) with ESMTP id 2CC0A8FC14 for ; Fri, 15 Jan 2010 12:35:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by zeratul.nl (Postfix) with ESMTP id 6FAB5DC113 for ; Fri, 15 Jan 2010 13:34:44 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at zeratul.daenney.net X-Spam-Flag: NO X-Spam-Score: -4.399 X-Spam-Level: X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[ALL_TRUSTED=-1.8, AWL=0.000, BAYES_00=-2.599] Received: from zeratul.nl ([127.0.0.1]) by localhost (daenney.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wSW5Wwrhqy6R for ; Fri, 15 Jan 2010 13:34:43 +0100 (CET) Received: from switch.thematrix (unknown [82.74.193.138]) by zeratul.nl (Postfix) with ESMTPSA id A487FDC081 for ; Fri, 15 Jan 2010 13:34:43 +0100 (CET) Message-ID: <4B5060DC.6020608@daenney.net> Date: Fri, 15 Jan 2010 13:34:36 +0100 From: Daniele Sluijters User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.5) Gecko/20091204 Lightning/1.0b2pre Thunderbird/3.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org X-Enigmail-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig2DA032FCABA02D9575FE03E6" Subject: CVE-2009-4355 / openssl memory leak in SSLv3 (DoS) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2010 12:35:08 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig2DA032FCABA02D9575FE03E6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Yesterday most major linux distributions pushed an update to their servers with a patched version of openssl conerning CVE-2009-4355. However, I have unitl now been unable to find anything on the subject (no SA or anything on VuXML) as to how this bug affects FreeBSD and if there's a patch on its way to the upstream ports-tree. Is there anyone who has some information on the subject? -- Daniele Sluijters --------------enig2DA032FCABA02D9575FE03E6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) iEYEARECAAYFAktQYOMACgkQR+7VkEHuyHxdfwCfapKB7QPdKtgEUlfiSYjRElaX SL8AnRFpLKs16dAsAN3wqzB5l5hcQeRh =CwcZ -----END PGP SIGNATURE----- --------------enig2DA032FCABA02D9575FE03E6--