Date: Sun, 31 Aug 2014 21:05:38 +0200 From: Piotr Kubaj <pkubaj@riseup.net> To: Hassane HYJAZI <hassane@hyjazi.me>, Brandon Vincent <Brandon.Vincent@asu.edu> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL SA Message-ID: <54037202.7040307@riseup.net> In-Reply-To: <54033A15.5080804@hyjazi.me> References: <54021C36.6070709@riseup.net> <54033A15.5080804@hyjazi.me>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On 08/31/2014 17:07, Hassane HYJAZI wrote: > security/openssl version : 1.0.1_15 ~= 1.01i (+2patch) fixing all of this. > check commit history at http://www.freshports.org/security/openssl > > > > Le 30/08/2014 19:47, Piotr Kubaj a écrit : >> Hello. According to https://www.openssl.org/news/secadv_20140806.txt >> there's been a known SA in OpenSSL for 24 days. Since then >> security/openssl has been updated and there have been updates to head >> and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@ >> has somehow forgotten about it, or the vulnerable features are off in >> base? >> > I know about security/openssl and have written about it in my first mail. What I was asking about was a patch to releng/. On 08/31/2014 17:11, Brandon Vincent wrote:> On Sun, Aug 31, 2014 at 8:05 AM, Piotr Kubaj <pkubaj@riseup.net> wrote: >> Yes, I wrote in the original mail that there have been updates to stable/{8,9,10}. What I meant by the lack of SA is that there were no updates to releng/. > > releng/10.1 will not be created until October 3rd. releng/10.0 is frozen. > > https://www.freebsd.org/releng/ > > https://www.freebsd.org/releases/10.1R/schedule.html > > Brandon Vincent > I know what releng/ is, I have been using FreeBSD for 5 years now for just about everything. Sure, some people here remember 3.x, but after 5 years I'm not a noob. I wasn't asking for a whole new version, although they were such updates to releng, see http://svnweb.freebsd.org/base?limit_changes=0&view=revision&revision=249029 . I was asking for just a simple patch like in http://svnweb.freebsd.org/base?view=revision&revision=267104 . Such patches used to be committed, when publishing SA's, but I guess something (?) has changed for worse. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUA3ICAAoJEC9nKukRsfY+CgwP/2pE7655vfoGYknt76EXOAMr cwJN7IT1+LO2z1oDsWqKxa67FqEvte8q0rBbSIKa6xIGijhX2kiUBZjhW0LxDJLE 2ib0HZ4UfKTXMtpEtMCebrbXk50XbcV7Ha7i5JJ9NCAMiYbjzGscIrofp2aBCo6s yUR7mxavWHu/LGkeGb0KkjaqPj6ycYDTObtLb4OlcxIWYejBtTWvjBMtz5eToqmf qxLA59bpYTqdjpdfKEhQePWeVOpn4H07P0uIxTrztVxh6Wmks91Vruc7D29EZbeL UYkc9c9gTAQPYkVRaHuupZl8GJA3RBlbCxrazUtM0DuFtyniaxzEGt8mnYOS3nA4 huU2sfhCn+aDhMVmM1xgc2cheT6d5QhP3YbV9rmV/gR5zMKME7viLTx8zvnNj9zx 0b0EZJcCTlaSpourEYU7ArcDNRLP3zvzLCtX7gQ5W9+1IRkqoBUS9cfftSVDoIH5 i4lPhAK+UrvnQuSqq9h7QTEjGrHar0TsZC/deR8ruMOFcaPeRKxS/3rlX/c5Y2lC pUdyuw8MjzfLasqlRZFs7A6fR4ugFmWKAXtSchQ91N0kcY5Kj6QeZK3o+fRIrgZu TiY8/QvQ9GmpdnYOWdG9wYv2ZPkYzzQ9HyL10jTeJwTMAtj07Q0Yn4VxGc2cowG3 qyF8kAqJusOn0xSm/5mi =Lte5 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54037202.7040307>