From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 02:41:29 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 91603AC8 for ; Tue, 8 Apr 2014 02:41:29 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5B8D615AB for ; Tue, 8 Apr 2014 02:41:29 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s382fTDI074592 for ; Tue, 8 Apr 2014 02:41:29 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s382fT5f074591 for freebsd-security@freebsd.org; Tue, 8 Apr 2014 02:41:29 GMT (envelope-from bdrewery) Received: (qmail 47731 invoked from network); 7 Apr 2014 21:41:27 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 7 Apr 2014 21:41:27 -0500 Message-ID: <534361D5.6070109@FreeBSD.org> Date: Mon, 07 Apr 2014 21:41:25 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: http://heartbleed.com/ References: <53430F72.1040307@gibfest.dk> In-Reply-To: <53430F72.1040307@gibfest.dk> X-Enigmail-Version: 1.6 OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UdKbaQ2b8iM932vBiR62DvitLjKEuwEur" X-Mailman-Approved-At: Tue, 08 Apr 2014 02:46:48 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 02:41:29 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --UdKbaQ2b8iM932vBiR62DvitLjKEuwEur Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 4/7/2014 3:49 PM, Thomas Steen Rasmussen wrote: > Hello, >=20 > http://heartbleed.com/ describes an openssl vulnerability published > today. We are going to need an advisory for the openssl in base in > FreeBSD 10 and we are also going to need an updated port. >=20 > The implications of this vulnerability are pretty massive, > certificates will need to be replaced and so on. I don't want to > repeat the page, so go read that. >=20 > Best regards, >=20 >=20 > /Thomas Steen Rasmussen >=20 > ps. there is a bit on the openssl site too: > https://www.openssl.org/news/secadv_20140407.txt The port has been updated. 1.0.1_10 has the fix. --=20 Regards, Bryan Drewery --UdKbaQ2b8iM932vBiR62DvitLjKEuwEur Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTQ2HWAAoJEDXXcbtuRpfPwlAIAKDtXjdC8TbcVGLJAC9iajLd Cc+7cc/y9Rxs0ALQlzjPrt4NwTCdoCffJkRSDpvvUL/ciIU8hEjctEDAREEqLyg7 E2dM5YlXeqNzsu7X5x5dnh1+QjKZh6/9LvRPYYtgM8mFsIA86hATxuqb1XWYB8/V k8cbPUEyVJk1LXKgh0VhTV6eqSygrhMG8cGMQ760vGG5CdXDkT+pmHFkOkH+0xMz buA2XQI3lvr3Q0CzTDMUUayNDfBZoKJj20L46PoHYsamlzOVG+g3PDuQGAMfu83A l2bzfHaehWgjyxlQev8XiXJZHbgIB9+68hO9og97XkI1750kL2HPCKJS4P2b2BM= =8iwj -----END PGP SIGNATURE----- --UdKbaQ2b8iM932vBiR62DvitLjKEuwEur--