From: Piotr Kubaj
Date: Sun, 31 Aug 2014 21:05:38 +0200
To: Hassane HYJAZI, Brandon Vincent
Subject: Re: OpenSSL SA
Cc: freebsd-security@freebsd.org

On 08/31/2014 17:07, Hassane HYJAZI wrote:
> security/openssl version : 1.0.1_15 ~= 1.01i (+2patch) fixing all of this.
> check commit history at http://www.freshports.org/security/openssl
>
> On 30/08/2014 19:47, Piotr Kubaj wrote:
>> Hello. According to https://www.openssl.org/news/secadv_20140806.txt
>> there's been a known SA in OpenSSL for 24 days. Since then
>> security/openssl has been updated and there have been updates to head
>> and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@
>> has somehow forgotten about it, or the vulnerable features are off in
>> base?
>>
>

I know about security/openssl and have written about it in my first mail. What I was asking about was a patch to releng/.

On 08/31/2014 17:11, Brandon Vincent wrote:
> On Sun, Aug 31, 2014 at 8:05 AM, Piotr Kubaj wrote:
>> Yes, I wrote in the original mail that there have been updates to stable/{8,9,10}. What I meant by the lack of SA is that there were no updates to releng/.
>
> releng/10.1 will not be created until October 3rd. releng/10.0 is frozen.
>
> https://www.freebsd.org/releng/
>
> https://www.freebsd.org/releases/10.1R/schedule.html
>
> Brandon Vincent
>

I know what releng/ is, I have been using FreeBSD for 5 years now for just about everything. Sure, some people here remember 3.x, but after 5 years I'm not a noob.
I wasn't asking for a whole new version, although there were such updates to releng, see http://svnweb.freebsd.org/base?limit_changes=0&view=revision&revision=249029 . I was asking for just a simple patch like in http://svnweb.freebsd.org/base?view=revision&revision=267104 . Such patches used to be committed when publishing SAs, but I guess something (?) has changed for the worse.