openssl-1.0.2.13
Herbert J. Skuhra
herbert at mailbox.org
Tue Jun 14 11:01:22 UTC 2016
Gerard Seibert skrev:
>
> I have a question regarding "openssl-1.0.2.13". Since the port is
> marked as "vulnerable", I was wondering if there is any idea when a
> corrected port will be released?
% svnlite log -l1
------------------------------------------------------------------------
r416823 | dinoex | 2016-06-12 23:29:57 +0200 (Sun, 12 Jun 2016) | 3 lines
- Fix DSA, preserve BN_FLG_CONSTTIME
Security: CVE-2016-2178
> Also, according to the documentation on
> https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html
> this only affects versions of openssl < 1.0.2_13
Yes, openssl 1.0.2_13 is the fixed version.
Run 'pkg audit -F' and try again.
--
Herbert
More information about the freebsd-ports
mailing list