On 26 Nov 2010, at 23:50, Simon L. Nielsen wrote: > Author: simon > Date: Fri Nov 26 22:50:58 2010 > New Revision: 215912 > URL: http://svn.freebsd.org/changeset/base/215912 > > Log: > Merge OpenSSL 0.9.8p into stable/8. > > This merges up to and including head/crypto/openssl/ r215697; and > head/secure/lib/libcrypto/, head/secure/lib/libssl/, > head/secure/usr.bin/openssl/ r215698. > > To make the merge simpler, a hack was added to set MACHINE_CPUARCH. > > Security: CVE-2010-2939, CVE-2010-3864 > Security: http://www.openssl.org/news/secadv_20101116.txt > Security: FreeBSD-SA-10:10.openssl > Approved by: re (implicitly - they did not object of the general idea > of OpenSSL update)
Just in case anyone is wondering, FreeBSD-SA-10:10.openssl will not be released right now, but should be out early next week. I just thought I might as well mention it in the commit message as the name is known at this point. PS from what I read and tested so far, the actual risk with both CVE-2010-2939 [1] and CVE-2010-3864 is very little. [1] At least for FreeBSD's current OpenSSL 0.9.8. -- Simon L. B. Nielsen Hat: OpenSSL maintainer (and a bit of the secteam hat) _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
