Skip site navigation (1)Skip section navigation (2)
Date:      02 Oct 2003 10:59:15 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        gabriel_ambuehl@buz.ch
Cc:        questions@freebsd.org
Subject:   Re: Re[2]: openssl ASN bug?
Message-ID:  <444qyrsn24.fsf@be-well.ilk.org>
In-Reply-To: <12973598421.20031002163711@buz.ch>
References:  <9272442000.20031002161755@buz.ch> <44he2rso7b.fsf@be-well.ilk.org> <12973598421.20031002163711@buz.ch>

next in thread | previous in thread | raw e-mail | index | archive | help
gaml@buz.ch writes:

> Hello Lowell,
> 
> Thursday, October 2, 2003, 4:34:32 PM, you wrote:
> 
> > Gabriel Ambuehl <gaml@buz.ch> writes:
> 
> >> There was a security advisory about openssl <0.9.7b having a bug in
> >> the ASN encoding code on 30th Sept 03 and now I'm wondering what to do
> >> about it? Install the port? Wait some more and do another cvsup
> >> (currently, nothing shows up in UPDATING)?
> 
> > The security officer announced (on the 30th) that he was going to
> > import 0.9.7c "over the next few days".  That's complete, but there
> > hasn't been an announcement or FreeBSD SA release.
> 
> So I can cvsup as of today and be safe, right?

So you can cvsup as of today and get openssl 0.9.7c.
Whether that constitutes "safe," you'd have to ask the security officer.

Note that this bug does *not* open your machine up to remote
compromise.  



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?444qyrsn24.fsf>