From owner-freebsd-security@FreeBSD.ORG Wed Apr 9 19:38:56 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5E6A2938 for ; Wed, 9 Apr 2014 19:38:56 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "ca.infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CA85B15CE for ; Wed, 9 Apr 2014 19:38:55 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s39Jcm23027706 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Wed, 9 Apr 2014 20:38:49 +0100 (BST) (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s39Jcm23027706 Authentication-Results: smtp.infracaninophile.co.uk/s39Jcm23027706; dkim=none reason="no signature"; dkim-adsp=none Message-ID: <5345A1BF.2030809@FreeBSD.org> Date: Wed, 09 Apr 2014 20:38:39 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Proposal References: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com> <8D81F198-36A7-47F4-B486-DA059910A6B4@spam.lifeforms.nl> <867g6y1kfe.fsf@nine.des.no> In-Reply-To: <867g6y1kfe.fsf@nine.des.no> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="QqLsXPn8leRvonQn94suNIf2U9mhighSg" X-Virus-Scanned: clamav-milter 0.98.1 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lucid-nonsense.infracaninophile.co.uk X-Mailman-Approved-At: Wed, 09 Apr 2014 19:54:25 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Apr 2014 19:38:56 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --QqLsXPn8leRvonQn94suNIf2U9mhighSg Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 09/04/2014 18:28, Dag-Erling Sm=C3=B8rgrav wrote: > RedHat had prior notice since one of the OpenSSL devs is on their > security team. They had an update ready to roll out before the issue > was leaked (the builds are dated 2014-04-07 11:34:45 UTC), and were > basically just waiting for the announcement, which was originally > planned for today. Didn't we (FreeBSD) have any advanced knowledge? There is at least one FreeBSD committer who is also an OpenSSL developer... Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --QqLsXPn8leRvonQn94suNIf2U9mhighSg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTRaHHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATXBIQAKEyyn3bZA6zBNeUwWYsvMqr n87XQiM5VsGan9/QUaQZ/M29sIFtB3Hd8DP1GZcShcjcWsan8dw5wSfx1O1qSLwU Rstsw7RsO9C/Uzhipeq8xQzmslRPqKwQdKJ6S2YVuhr+gEv823lH08GwfwL5iQHT HD1lknJgGgfpt/tkMq8IwjwFsKfNF0tyQ5w0gjFI7akLVO5iH185bUw8I5oO2/N1 AOm6m47moo97WBN2G1Caxcee+R9gnlLDaGkOTLlhdUJcTRimbO34f1fTba7djwY2 8fvHASKeR+Vm2wmwSRMWkogon0Dg8N6DGIJ8JshZ31zkxwApOj9LLGe55dAVXPSj nGZyA3Cmomwolj1ICMGWfG3tst334AOYNa3Zn79/NNVoSZuZzp81lYLH8oUuqNb6 X13yzA7F82rlKhhuLk5oG0e/gTDxUFhy84pJV7utFaAYOzphB0vqE3BT5yqo7f3l xfg6gDGfLBi9P1lzWNvz3YAE/2JYcFOBg40QctezE/C1sbXWaaxHsrBtfVpoZqxH 2LG/b9aTP7/cRV6l/5IUg3dVr9nKAhDPcZ51ZtSdc040UoVrKhrpeCyxxKz4G1GB xf27cqS4/n/6Nc9NUdsfF/J+j78R5ZFIt3w+v5zegEECXRk2XmnXObwjdYOLFsfY zk5HXTRlCJr28lWZufB9 =u2rw -----END PGP SIGNATURE----- --QqLsXPn8leRvonQn94suNIf2U9mhighSg--