From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:16.openssl
Date: Wed, 25 Aug 2021 20:20:02 +0200

On 25/08/2021 17:35, Gordon Tetlow via freebsd-security wrote:

[...]

>> Hi Gordon,
>>
>> I was thinking more in terms of just a mention that RELENG_11 is
>> indeed vulnerable, no?
>
> I hear you. We don't really have a way of doing that with our existing SA setup. It's oriented to releasing patches; it is not equipped to notify users of vulnerabilities that we do not have a patch for. Let me think on how we might support such a thing and discuss with the team.

Will it be published (marked as vulnerable) in vuln.xml so users of security/base-audit will be notified?

Kind regards
Miroslav Lachman