Date: Thu, 10 Dec 2020 06:55:15 -0500 From: <jerry@seibercom.net> To: "'FreeBSD'" <freebsd-questions@freebsd.org> Subject: Patches for OpenSSL Message-ID: <267201d6ceeb$52ffcaa0$f8ff5fe0$@seibercom.net>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] I just read "FreeBSD Security Advisory FreeBSD-SA-20:33.openssl". I found the following part of the message quite troubling. "Note: The OpenSSL project has published publicly available patches for versions included in FreeBSD 12.x. This vulnerability is also known to affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL project is only giving patches for that version to premium support contract holders. The FreeBSD project does not have access to these patches and recommends ..." Exactly why doesn't FreeBSD have access to the above mentioned 'patches'? Is this purely a financial matter? If so, then exactly how much are we talking about here? For one, I would be too interested in knowing the specifics regarding FreeBSD's inability to gain access to these patches. -- Jerry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQGzBAEBCAAdFiEELeCiu2K+9VmEYYgTgHBP8gv9FXcFAl/SDKIACgkQgHBP8gv9 FXfKPgwAqMHOJvG5WZzuEkRj+ydbPK2sIeRDiGbgMjq5hvse2jKiiVLTJqPJBuZn wbD4SiwYDVJSYI2z/ngfllCmbrPTOxpT3gJhiREKwcyGCqi0tGSoM6RS6lRBnHp6 nbmNhW0cGjjWa9bQB8kBH+qMqjNbZnn60m3OBYLqw2E0MgC8VDvTwLytgFDNsVuv RDSNTuIoFkCPAxIf+md1BZe/pRtf9gQ/zPEfMKuA7YiXwgjIrsDkSMYeeeReZc1q q2cN0q1EIt7MZgVAUxHTdgFPEJw+Bh4Pg9M3731Oat4PkgKJvpyq3k9zQdCsNVYE vtRqSur1W0fPOHLCY1GRuytSsXkPQrPo4F5zYXtx7k3Dm/qcamIPFsDrTR9exfBE +hY/GDK5syjQJV1MmujXFs25DL4eJK0uG3N19TaTYDB+nVkiv+n0Jb9N3gZ/LdwB PehyqUbd6vjp8KjwzwsJrHLnKHr8kU9caBlITuCK3qf4oDPKjX5HVMi+V08/fHLq ZhltFfJP =IkD0 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?267201d6ceeb$52ffcaa0$f8ff5fe0$>