Date: Tue, 21 Nov 2017 20:11:13 -0500 From: Robert Simmons <rsimmons0@gmail.com> To: freebsd-security@freebsd.org Subject: Re: Why no update of base/ports openssl for recent CVEs? Message-ID: <CA%2BQLa9C5WU2B9WA7NCKx0y=Cc57GWeyBzs5hB4zkc8vxv-E8aw@mail.gmail.com> In-Reply-To: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com> References: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't have an answer for base, but I think if you just update your ports tree, you will see the update to 1.0.2m was committed on Nov 2nd (2 weeks and 5 days ago): https://svnweb.freebsd.org/ports?view=revision&revision=453380 On Tue, Nov 21, 2017 at 6:31 PM, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote: > OpenSSL 1.0.2 before 1.0.2m (ports and 11.x base) are affected by > CVE-2017-3735 and CVE-2017-3736, the most recent reported on 2 November. > > Why hasn't an SA and update for base been released, or security/openssl > been updated? > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9C5WU2B9WA7NCKx0y=Cc57GWeyBzs5hB4zkc8vxv-E8aw>