From owner-freebsd-security@FreeBSD.ORG Wed Jan 20 20:25:46 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A002B1065670 for ; Wed, 20 Jan 2010 20:25:46 +0000 (UTC) (envelope-from lavalamp@spiritual-machines.org) Received: from mx04.pub.collaborativefusion.com (mx04.pub.collaborativefusion.com [206.210.72.84]) by mx1.freebsd.org (Postfix) with ESMTP id 6FDCB8FC1B for ; Wed, 20 Jan 2010 20:25:46 +0000 (UTC) Received: from [192.168.2.161] ([206.210.89.202]) by mx04.pub.collaborativefusion.com (StrongMail Enterprise 4.1.1.4(4.1.1.4-47689)); Wed, 20 Jan 2010 15:37:18 -0500 X-VirtualServerGroup: Default X-MailingID: 00000::00000::00000::00000::::25 X-SMHeaderMap: mid="X-MailingID" X-Destination-ID: freebsd-security@freebsd.org X-SMFBL: ZnJlZWJzZC1zZWN1cml0eUBmcmVlYnNkLm9yZw== From: "Brian A. Seklecki" To: freebsd-security@freebsd.org Content-Type: text/plain Date: Wed, 20 Jan 2010 15:10:38 -0500 Message-Id: <1264018238.18129.46.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> Mime-Version: 1.0 X-Mailer: Evolution 2.26.3 (2.26.3-1.fc11) Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 21 Jan 2010 02:37:20 +0000 Subject: [Fwd: OpenSSL 1.0.0 beta5 release] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jan 2010 20:25:46 -0000 All: Per Daniele Sluijters's inquiry on the 15th,CVE-2009-4355, as well as with a provision/draft fix for CVE-2009-3555 MITM/Renegotiation Venerability. I suspect we wont have a patch out for RELENG_6_3 by the 31st? But I'm willing to maintain one for another few months. ~BAS -------- Forwarded Message -------- From: OpenSSL Reply-to: openssl-users@openssl.org To: openssl-users@openssl.org, openssl-announce@openssl.org Subject: OpenSSL 1.0.0 beta5 release Date: Wed, 20 Jan 2010 19:19:16 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.0 Beta 5 ============================ [..snip...] Since the fourth beta, the following has happened: - Provisional TLS session renegotiation fix - Option to output hash using older algorithm in x509 utility - Compression session handling bug fix - Build system fixes. - Other bug fixes. Reports and patches should be sent to openssl-bugs@openssl.org. [..snip...]