Per Daniele Sluijters's inquiry on the 15th,CVE-2009-4355, as
well as with a provision/draft fix for CVE-2009-3555
MITM/Renegotiation Venerability.
I suspect we wont have a patch out for RELENG_6_3 by the 31st?
But I'm willing to maintain one for another few months.
~BAS
-------- Forwarded Message --------
From: OpenSSL <ope...@openssl.org>
Reply-to: openss...@openssl.org
To: openss...@openssl.org, openssl-...@openssl.org
Subject: OpenSSL 1.0.0 beta5 release
Date: Wed, 20 Jan 2010 19:19:16 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 1.0.0 Beta 5
============================
[..snip...]
Since the fourth beta, the following has happened:
- Provisional TLS session renegotiation fix
- Option to output hash using older algorithm in x509 utility
- Compression session handling bug fix
- Build system fixes.
- Other bug fixes.
Reports and patches should be sent to openss...@openssl.org.
[..snip...]
I am not sure whether there was a reply yet, but we received the message in good order and had logged this on our
agenda.
Someone will have a look at this and take appropriate actions.
Best regards,
Remko
> _______________________________________________
> freebsd-...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-securi...@freebsd.org"
--
/"\ Best regards, | re...@FreeBSD.org
\ / Remko Lodder | remko@EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News