[Bug 191799] [patch] openssl - fix regression from CVE-2014-0224 - "ccs received early"

Thu Jan 8 01:04:25 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191799

--- Comment #1 from Andrew Daugherity <andrew.daugherity at gmail.com> ---
This bug still needs attention -- I have to rebuild libssl locally (with this
patch) after each openssl advisory.

For releng/10.1 it was fixed with the import of openssl 1.0.1i in r269686.  It
has not been fixed for releng/10.0, 9.3, or 8.4 (or 9.1/9.2, but those have
fallen out of support).

Can someone please add the 'patch' and 'regression' keywords (or whatever is
appropriate -- I apparently can't set them myself) so the appropriate people
see it and the patch can be reviewed/committed?  Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.