upcoming release 6.1: old version of some core components

No at SPAM at mgEDV.net nospam at mgedv.net
Tue Apr 11 15:46:05 UTC 2006

> I can't answer you main question, but I would say that you can bet your 
>shirt on the fact that there will be no known security issues in the 
> older packages.

> At least for openssl and openssh you can get latest versions through the 
> ports.  Not an option for everything -- I see no zlib for example and I 
> don't believe there's a standard cvs port either.

as for zlib i definitely know, that there are 2 security flaws, which can
lead to problems when invalid compressed data is feeded.

my problem also is not the installation of ports/packages/custom compiles,
it's more that the operating system components itself are linked against
these older libraries an therefore will contain bugs, which may have been
already solved.
i definitely don't want to install openssl twice on the same host, as this
make's no sense for me. if the os operates with the old version, security
is at that level at all, regardless of one or another userland-daemon having
a newer version being linked to.

whatever, i will use freebsd anyways, regardless of my main question getting
answered or not ;-)

br & cu...

More information about the freebsd-questions mailing list