Date: Wed, 9 Apr 2014 13:36:48 +0100 From: Pawel Biernacki <pawel.biernacki@gmail.com> To: freebsd-security@freebsd.org Subject: Proposal (Was: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl) Message-ID: <CAA3htvtb%2ByZRApEqJ41ue%2B6jB5Y_Une96SYyJRwQXBmQfRZbtQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
On 9 April 2014 00:34, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-SA-14:06.openssl Security Advi= sory > The FreeBSD Pro= ject > > Topic: OpenSSL multiple vulnerabilities > > Category: contrib > Module: openssl > Announced: 2014-04-08 > Affects: All supported versions of FreeBSD. > Corrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE) > 2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1) > 2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE) > 2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4) > 2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11) > 2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE) > 2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8) > 2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15) > CVE Name: CVE-2014-0076, CVE-2014-0160 > Thank you for finally patching that vulnerability. Many of us, FreeBSD users, are deeply concerned about security. Yesterday we had a very busy day on #FreeBSD on freenode with many people asking why there is no SA and how to mitigate the thread or patch it on their own. I understand that this is voluntary role and you have another (real life) responsibilities that=E2=80=99s why I'd like to propose an idea of (a= t least partially) paid position of Security Officer, because we all need quick and efficient response in cases like that. FreeBSD Community has a good history of paying for work, many of us supported phk@ in 2004, and recently FreeBSD Foundation hired several people to work for all of us. Because I've no idea how Foundation had planned a budget for this year, I don't know if there are any money that can be allocated for that position. If not, maybe Foundation can conduct additional public fundraising for that purpose? --=20 One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die= .
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAA3htvtb%2ByZRApEqJ41ue%2B6jB5Y_Une96SYyJRwQXBmQfRZbtQ>