Date: Tue, 21 Nov 2017 15:31:06 -0800 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: freebsd-security@freebsd.org Subject: Why no update of base/ports openssl for recent CVEs? Message-ID: <9a41694c-fffb-e58c-5946-abbc99160fb4@bluerosetech.com>
next in thread | raw e-mail | index | archive | help
OpenSSL 1.0.2 before 1.0.2m (ports and 11.x base) are affected by CVE-2017-3735 and CVE-2017-3736, the most recent reported on 2 November. Why hasn't an SA and update for base been released, or security/openssl been updated?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a41694c-fffb-e58c-5946-abbc99160fb4>