Date: Tue, 14 Jun 2016 12:53:01 +0200 From: "Herbert J. Skuhra" <herbert@mailbox.org> To: FreeBSD Ports <freebsd-ports@freebsd.org> Cc: "dinoex@FreeBSD.org" <dinoex@FreeBSD.org> Subject: Re: openssl-1.0.2.13 Message-ID: <867fds2gaa.wl-herbert@mailbox.org> In-Reply-To: <SN2PR20MB084569E9E00B375CE71ABF0F80540@SN2PR20MB0845.namprd20.prod.outlook.com> References: <SN2PR20MB084569E9E00B375CE71ABF0F80540@SN2PR20MB0845.namprd20.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Gerard Seibert skrev: > > I have a question regarding "openssl-1.0.2.13". Since the port is > marked as "vulnerable", I was wondering if there is any idea when a > corrected port will be released? % svnlite log -l1 ------------------------------------------------------------------------ r416823 | dinoex | 2016-06-12 23:29:57 +0200 (Sun, 12 Jun 2016) | 3 lines - Fix DSA, preserve BN_FLG_CONSTTIME Security: CVE-2016-2178 > Also, according to the documentation on > https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html > this only affects versions of openssl < 1.0.2_13 Yes, openssl 1.0.2_13 is the fixed version. Run 'pkg audit -F' and try again. -- Herbert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?867fds2gaa.wl-herbert>