Date: Fri, 6 Jun 2014 14:33:59 +1000 From: John Marshall <john.marshall@riverwillow.com.au> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl Message-ID: <20140606043359.GF16618@rwpc15.gfn.riverwillow.net.au> In-Reply-To: <201406051316.s55DGtwI041948@freefall.freebsd.org> References: <201406051316.s55DGtwI041948@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--n+lFg1Zro7sl44OB Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 05 Jun 2014, 13:16 +0000, FreeBSD Security Advisories wrote: > Corrected: > 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8) > VI. Correction details > Branch/path Revision > ------------------------------------------------------------------------- > releng/9.2/ r267104 I've just src-upgraded a system and expected to see OpenSSL version 0.9.8za at the end of it all. I checked the patches and the OpenSSL version number wasn't touched. Is this an expected outcome? rwsrv04> uname -v; openssl version FreeBSD 9.2-RELEASE-p8 #0 r267130: Fri Jun 6 12:43:09 AEST 2014... OpenSSL 0.9.8y 5 Feb 2013 rwsrv04> ls -l /usr/lib/libssl.so.6 -r--r--r-- 1 root wheel 304808 6 Jun 13:31 /usr/lib/libssl.so.6 I understand that it was the FreeBSD distribution that was patched and not the OpenSSL distribution, but having the operating system and applications reporting a "vulnerable" version of OpenSSL isn't reassuring to other folks. --=20 John Marshall --n+lFg1Zro7sl44OB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEYEARECAAYFAlORRLcACgkQw/tAaKKahKIhewCgsmZjvSAB8Irz7zySOuanv3Sc xFEAn0h+TQ5hmLldOcVtHmoV6A0buPup =+7zl -----END PGP SIGNATURE----- --n+lFg1Zro7sl44OB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140606043359.GF16618>