Date: Wed, 11 Mar 2015 15:55:15 +0100 From: Dan Lukes <dan@obluda.cz> To: Paul Hoffman <paul.hoffman@vpnc.org>, freebsd security <freebsd-security@freebsd.org> Cc: current@freebsd.com Subject: Re: sendmail broken by libssl in current Message-ID: <55005753.3070306@obluda.cz> In-Reply-To: <6BD2AE7F-8EC5-4EBC-A183-E03EC54456BC@vpnc.org> References: <54FFE774.50103@freebsd.org> <6BD2AE7F-8EC5-4EBC-A183-E03EC54456BC@vpnc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Hoffman wrote: > Can you say which email servers *other* than unpatched Ironport fail? > Cisco has known about this for many months; see <https://tools.cisco.com/quickview/bug/CSCuo25276>; Note that Bug CSCuo25276 is considered duplicate of the bug CSCuo25329. > If that's true (I can't confirm), why would we want to do a patch to our core crypto? Good question. The following should be taken into consideration. According CSCuo25329, the issue has been fixed on Mar 2,2015 in 8.0.2-055 and 8.5.6-063 release of Cisco Email Security Appliance. There are three known affected releases only - 8.0.1-023, 8.5.0-473, 8.5.5-280 Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55005753.3070306>