From owner-freebsd-security@FreeBSD.ORG Wed Jan 20 20:06:55 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 80EC71065670 for ; Wed, 20 Jan 2010 20:06:55 +0000 (UTC) (envelope-from bseklecki@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.freebsd.org (Postfix) with ESMTP id E1F078FC1D for ; Wed, 20 Jan 2010 20:06:54 +0000 (UTC) Received: from [192.168.2.161] (soundwave.ws.pitbpa0.priv.collaborativefusion.com [192.168.2.161]) (SSL: TLSv1/SSLv3,256bits,CAMELLIA256-SHA) by wingspan with esmtp; Wed, 20 Jan 2010 14:56:53 -0500 id 0003F407.000000004B576005.0001141A From: "Brian A. Seklecki" To: freebsd-security@freebsd.org Organization: Collaborative Fusion, Inc. Date: Wed, 20 Jan 2010 14:56:52 -0500 Message-Id: <1264017412.18129.38.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_wingspan-70682-1264017413-0001-2" X-Mailer: Evolution 2.26.3 (2.26.3-1.fc11) X-Mailman-Approved-At: Thu, 21 Jan 2010 02:23:53 +0000 Subject: [Fwd: OpenSSL 1.0.0 beta5 release] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bseklecki@collaborativefusion.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jan 2010 20:06:55 -0000 This is a MIME-formatted message. If you see this text it means that your E-mail software does not support MIME-formatted messages. --=_wingspan-70682-1264017413-0001-2 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable All: Per Daniele Sluijters's inquiry on the 15th,CVE-2009-4355, as=20 well as with a provision/draft fix for CVE-2009-3555 MITM/Renegotiation Venerability. I suspect we wont have a patch out for RELENG_6_3 by the 31st? =20 But I'm willing to maintain one for another few months. ~BAS -------- Forwarded Message -------- From: OpenSSL Reply-to: openssl-users@openssl.org To: openssl-users@openssl.org, openssl-announce@openssl.org Subject: OpenSSL 1.0.0 beta5 release Date: Wed, 20 Jan 2010 19:19:16 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.0 Beta 5 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D [..snip...] Since the fourth beta, the following has happened: - Provisional TLS session renegotiation fix - Option to output hash using older algorithm in x509 utility - Compression session handling bug fix - Build system fixes. - Other bug fixes. Reports and patches should be sent to openssl-bugs@openssl.org. [..snip...] --=_wingspan-70682-1264017413-0001-2 Content-Type: application/pgp-signature; name="signature.asc" Content-Transfer-Encoding: 7bit Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAktXYAQACgkQCne6BNDQ+R+M7ACcDjvjWE3h2ey2L1pwoCIb9S/Q uT4Anjq57M5q333l0rqdATTw/piqR6ux =SzGM -----END PGP SIGNATURE----- --=_wingspan-70682-1264017413-0001-2--