[EMAIL PROTECTED] writes:
> Hello Lowell,
> Thursday, October 2, 2003, 4:34:32 PM, you wrote:
> > Gabriel Ambuehl <[EMAIL PROTECTED]> writes:
> >> There was a security advisory about openssl <0.9.7b having a bug in
> >> the ASN encoding code on 30th Sept 03 and now I'm wondering what to do
> >> about it? Install the port? Wait some more and do another cvsup
> >> (currently, nothing shows up in UPDATING)?
> > The security officer announced (on the 30th) that he was going to
> > import 0.9.7c "over the next few days". That's complete, but there
> > hasn't been an announcement or FreeBSD SA release.
> So I can cvsup as of today and be safe, right?
So you can cvsup as of today and get openssl 0.9.7c.
Whether that constitutes "safe," you'd have to ask the security officer.
Note that this bug does *not* open your machine up to remote
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"