On 2010/04/17 07:49, Tim Gustafson wrote:
> Hi,
>
> I run a few web servers which need to be PCI compliant. Apparently there's a
> problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l for us to
> maintain our compliance level.
>
> I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is still
> at 0.9.8k. Using RELENG_8 isn't really an option for me because the last time I
> upgraded to that level, ipfw was broken and I'm not sure that the problem
> with ipfw has been fixed (Luigi tells me that it has, but I haven't had time
> to test it yet).
>
> Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l? Or will I be
> stuck with 0.9.8k until I move to RELENG_8?

RELENG_8_0 is considered as "frozen" which means we will do massive upgrade there. RELENG_8 would have the latest OpenSSL.

Note that "cherry picking" style of changes _may_ be permitted on RELENG_8_0 per re@ and security-officer@'s decision. If you know what the problem is, please feel free to let [email protected] know, ideally with a reference to OpenSSL bug tracking system, a CVE number, etc. so we will be able to handle it more quickly.

We do have patched RELENG_8_0 before 8.0-RELEASE for a few SSL protocol flaws.

http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc

Hope this helps.

Cheers,
--
Xin LI <[email protected]> http://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
