Date: Fri, 19 Oct 2007 00:37:24 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: freebsd-current@freebsd.org, freebsd-stable@FreeBSD.org
Message-ID: <20071018223724.GA987@zaphod.nitro.dk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="yrj/dFKFPuw6o+aM"
Content-Disposition: inline
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: freebsd-security@FreeBSD.org
Subject: [simon@FreeBSD.org: cvs commit: src/crypto/openssl/ssl d1_both.c
	dtls1.h ssl.h ssl_err.c]


--yrj/dFKFPuw6o+aM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hey,

RELENG_7 isn't -STABLE yet, so the issue mentioned in the commit mail
below will not get a Security Advisory.  This only affects
applications using DTLS, and I doubt there are many of those, but
users should still upgrade to get this fix, just in case.

See the OpenSSL advisory for some more details:
http://www.openssl.org/news/secadv_20071012.txt

If anybody were wondering, and hadn't checked the OpenSSL advisory:
older versions of FreeBSD aren't affected as they have OpenSSL 0.9.7
which isn't affected (it doesn't have DTLS support).

----- Forwarded message from "Simon L. Nielsen" <simon@FreeBSD.org> -----

From: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Thu, 18 Oct 2007 22:20:04 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h
	ssl_err.c

simon       2007-10-18 22:20:04 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    crypto/openssl/ssl   d1_both.c dtls1.h ssl.h ssl_err.c
  Log:
  MFC: Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.

  Security:       CVE-2007-4995
  Security:       http://www.openssl.org/news/secadv_20071012.txt
  Approved by:    re (kensmith)

  Revision      Changes    Path
  1.1.1.1.2.1   +533 -605  src/crypto/openssl/ssl/d1_both.c
  1.1.1.1.2.1   +3 -4      src/crypto/openssl/ssl/dtls1.h
  1.1.1.16.2.1  +1 -0      src/crypto/openssl/ssl/ssl.h
  1.1.1.11.2.1  +1 -0      src/crypto/openssl/ssl/ssl_err.c


----- End forwarded message -----

-- 
Simon L. Nielsen
FreeBSD Deputy Security Officer

--yrj/dFKFPuw6o+aM--