----- Original Message -----
From: "Karl Denninger" <k...@denninger.net>
On 4/9/2014 9:21 AM, Zoran Kolic wrote:
Advisory claims 10.0 only to be affected. Patches to
branch 9 are not of importance on the same level?
9 (and before) were only impacted if you loaded the newer OpenSSL from
ports. A fair number of people did, however, as a means of preventing
BEAST attack vectors.
If you did, then you need to update that and have all your private keys
re-issued. If you did not then you never had the buggy code in the
first place.
Actually they are vulnerable without any ports install just not to
CVE-2014-0160 only CVE-2014-0076, both of which where fixed by
SA-14:06.openssl
Regards
Steve
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
