Date: Wed, 25 Aug 2021 20:20:02 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:16.openssl Message-ID: <7d35f093-e125-3328-e7b1-c4012fcd6106@quip.cz> In-Reply-To: <7137A3E8-7B53-452B-8187-9F873A68A228@tetlows.org> References: <20210824205300.305BF72EF@freefall.freebsd.org> <44434c22-51c6-92cb-c9de-60fae4764347@sentex.net> <A032A5CA-9FF3-4DBE-A4AD-8AE20B48544D@tetlows.org> <c63f05fa-b710-e577-845e-c019c08de4df@sentex.net> <7137A3E8-7B53-452B-8187-9F873A68A228@tetlows.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25/08/2021 17:35, Gordon Tetlow via freebsd-security wrote: [...] >> Hi Gordon, >> >> I was thinking more in terms of just a mention that RELENG_11 is >> indeed vulnerable, no ? > > I hear you. We don't really have a way of doing that with our existing SA setup. It's oriented to releasing patches; it is not equipped to notify users of vulnerabilities that we do not have a patch for. Let me think on how we might support such a thing and discuss with the team. Will it be published (marked as vulnerable) in vuln.xml so users of security/base-audit will be notified? Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7d35f093-e125-3328-e7b1-c4012fcd6106>