Date:      Wed, 9 Apr 2014 17:08:09 +0100
From:      David Chisnall <David.Chisnall@cl.cam.ac.uk>
To:        koobs@FreeBSD.org, Kubilay Kocak <koobs.freebsd@gmail.com>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, Bryan Drewery <bdrewery@FreeBSD.org>, Xin LI <delphij@freebsd.org>, secteam@FreeBSD.org, svn-src-head@freebsd.org, Dag-Erling Smørgrav <des@des.no>
Subject:   Re: svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver
Message-ID:  <323CC215-6DA6-4C8F-A5DA-72C3CB76566A@cl.cam.ac.uk>
In-Reply-To: <534556EB.5080700@FreeBSD.org>
References:  <201404081827.s38IRXiL048987@svn.freebsd.org> <e25208600d1ed778a20d6ac8596c658a@shatow.net> <86bnwa7gav.fsf@nine.des.no> <534556EB.5080700@FreeBSD.org>

On 9 Apr 2014, at 15:19, Kubilay Kocak <koobs.freebsd@gmail.com> wrote:

> That expectation is orthogonal to whether we or other projects do it one
> way or another. RHEL users may well be as confused as ours (whether or
> not ours are). It may be relevant as a data point, but not for decision
> making.

I can confirm that, as a user (albeit a slightly sleep-deprived one at the time) I was confused.  I believe that I'm now running the correct version, as my libssl.so has a creation date of yesterday, but I don't have a good way of verifying it.

It would be great for future security advisories to have a 'how to tell if you're affected' and 'how to tell if you're patched' section.

I noticed that freebsd-update told me (after the fetch phase) that I should rebuild all third-party software.  I have been following the instructions that we give to users and not building most software on that machine myself.  I don't know if there are any packages that statically link to libssl.a (or even if we have a mechanism for determining that), but I'd hope that these would get separate VuXML reports for pkg audit to pick up.  

David


