Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 07 Apr 2014 19:29:18 -0700
From:      Xin Li <delphij@delphij.net>
To:        Mike Tancsa <mike@sentex.net>, d@delphij.net, freebsd-security@freebsd.org
Subject:   Re: http://heartbleed.com/
Message-ID:  <53435EFE.4010103@delphij.net>
In-Reply-To: <53435E7D.5000801@sentex.net>
References:  <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net> <53435E7D.5000801@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 4/7/14, 7:27 PM, Mike Tancsa wrote:
> On 4/7/2014 5:02 PM, Xin Li wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
>> 
>> Hi, Thomas,
>> 
>> On 04/07/14 13:49, Thomas Steen Rasmussen wrote:
>>> Hello,
>>> 
>>> http://heartbleed.com/ describes an openssl vulnerability 
>>> published today. We are going to need an advisory for the
>>> openssl in base in FreeBSD 10 and we are also going to need an
>>> updated port.
>>> 
>>> The implications of this vulnerability are pretty massive, 
>>> certificates will need to be replaced and so on. I don't want
>>> to repeat the page, so go read that.
>> 
>> We are already working on this but building, reviewing, etc.
>> would take some time.
>> 
> 
> Hi, The webpage lists
> 
> FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
> 
> I take it this is only if you installed from the ports no ?

That's correct.  OpenSSL shipped with the base system in these two
releases are not vulnerable because they don't support the extension.

Cheers,

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTQ179AAoJEJW2GBstM+nsIa4P/RAXDidWzc01T2ghX4uNFtod
C2Wd2k2B6i24LcV3PPub6dQjRI9sMxh9Q/7bIqXctThJ41U9s44P7Zvf6T7Xh/LY
YM4FBAFKNiMC+WZsS78pGW6pYIULml66El7sb/G6DNOzjezWlD3MwnPo2S0nibQJ
BDJ0pU3BH0A2rvyDWmF7aAveJtEuFPCCovytadStHiFZk3nKMwdN0ariLVq8JFlU
s5uqf0rWRXuYIIJ2/Fv9XxUHWi0RrvyXojfdPVNIhEppmdswCzxyb+PLOBbWuZZp
9ma/ELuo8VJmmsP2A0zX2PriejfFtTR7vXP8V3VwP8RvS2YRFH44Bmyllxn2eYYI
HbemABH2A5rCiMbEu32AGX7i1HikWScwKNIEJbK35BEIb9g3UGRFuxeRw9J6mTyd
44hMRO1YeyHv/nuSQ+g+d+nzB1dBYSq7YbG5UAPs0v+5fbnoPTU/28olKx1br83H
BZdO+y8VUppNnRWL2wvnsbd1M8/nGABNBD9tco9ftlN0jUpFtSXkPEt20JWwZS/l
HiD328EnTJKgB5nllizsCDIgaTDUYMeH6Bf8QJ54t+Cfu6sS1YYCv2/ycu5tKfqv
yRU6ypV82kye/fRBkFj4JwCOXcPozm+9uPAG9bk1355w+EyKmMrba79BvwtQ+uUj
PXJpfmZifPnNDBTXrg2d
=FDDO
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53435EFE.4010103>