From: "Simon L. Nielsen"
Date: Fri, 19 Oct 2007 00:37:24 +0200
To: freebsd-current@freebsd.org, freebsd-stable@FreeBSD.org
Cc: freebsd-security@FreeBSD.org
Reply-To: freebsd-current@freebsd.org, simon@FreeBSD.org
Subject: [simon@FreeBSD.org: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c]
Message-ID: <20071018223724.GA987@zaphod.nitro.dk>

Hey,

RELENG_7 isn't -STABLE yet, so the issue mentioned in the commit mail
below will not get a Security Advisory. This only affects
applications using DTLS, and I doubt there are many of those, but
users should still upgrade to get this fix, just in case.
See the OpenSSL advisory for some more details:

http://www.openssl.org/news/secadv_20071012.txt

If anybody were wondering, and hadn't checked the OpenSSL advisory:
older versions of FreeBSD aren't affected as they have OpenSSL 0.9.7
which isn't affected (it doesn't have DTLS support).

----- Forwarded message from "Simon L. Nielsen" -----

From: "Simon L. Nielsen"
Date: Thu, 18 Oct 2007 22:20:04 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c

simon       2007-10-18 22:20:04 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    crypto/openssl/ssl   d1_both.c dtls1.h ssl.h ssl_err.c
  Log:
  MFC: Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.

  Security:       CVE-2007-4995
  Security:       http://www.openssl.org/news/secadv_20071012.txt
  Approved by:    re (kensmith)

  Revision      Changes    Path
  1.1.1.1.2.1   +533 -605  src/crypto/openssl/ssl/d1_both.c
  1.1.1.1.2.1   +3 -4      src/crypto/openssl/ssl/dtls1.h
  1.1.1.16.2.1  +1 -0      src/crypto/openssl/ssl/ssl.h
  1.1.1.11.2.1  +1 -0      src/crypto/openssl/ssl/ssl_err.c

----- End forwarded message -----

-- 
Simon L. Nielsen
FreeBSD Deputy Security Officer