From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 02:27:33 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 89204FAD for ; Tue, 8 Apr 2014 02:27:33 +0000 (UTC) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "smarthost.sentex.ca", Issuer "smarthost.sentex.ca" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 53F9E140F for ; Tue, 8 Apr 2014 02:27:33 +0000 (UTC) Received: from [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a] (saphire3.sentex.ca [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a]) by smarthost1.sentex.ca (8.14.8/8.14.8) with ESMTP id s382RLQM070686; Mon, 7 Apr 2014 22:27:21 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <53435E7D.5000801@sentex.net> Date: Mon, 07 Apr 2014 22:27:09 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: d@delphij.net, freebsd-security@freebsd.org Subject: Re: http://heartbleed.com/ References: <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net> In-Reply-To: <53431275.4080906@delphij.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.74 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 02:27:33 -0000 On 4/7/2014 5:02 PM, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, Thomas, > > On 04/07/14 13:49, Thomas Steen Rasmussen wrote: >> Hello, >> >> http://heartbleed.com/ describes an openssl vulnerability >> published today. We are going to need an advisory for the openssl >> in base in FreeBSD 10 and we are also going to need an updated >> port. >> >> The implications of this vulnerability are pretty massive, >> certificates will need to be replaced and so on. I don't want to >> repeat the page, so go read that. > > We are already working on this but building, reviewing, etc. would > take some time. > Hi, The webpage lists FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c) I take it this is only if you installed from the ports no ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/