Why no update of base/ports openssl for recent CVEs?
Robert Simmons
rsimmons0 at gmail.com
Wed Nov 22 01:11:15 UTC 2017
I don't have an answer for base, but I think if you just update your ports
tree, you will see the update to 1.0.2m was committed on Nov 2nd (2 weeks
and 5 days ago):
https://svnweb.freebsd.org/ports?view=revision&revision=453380
On Tue, Nov 21, 2017 at 6:31 PM, Mel Pilgrim <list_freebsd at bluerosetech.com>
wrote:
> OpenSSL 1.0.2 before 1.0.2m (ports and 11.x base) are affected by
> CVE-2017-3735 and CVE-2017-3736, the most recent reported on 2 November.
>
> Why hasn't an SA and update for base been released, or security/openssl
> been updated?
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org
> "
>
More information about the freebsd-security
mailing list